| |
| |||||||
Log-Analyse und Auswertung: Win 8 diverse Funde PUP (Babylon) Win32/installcoreWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.09.2013, 21:09
| #1 |
 |  Win 8 diverse Funde PUP (Babylon) Win32/installcore Hallo, seit ein paar Tagen erlebe ich merkwürdige Website-Öffnungen auf meinem PC. AVAST verhindert zwar, dass sich die Seiten öffnen, aber ich will da auf Nummer sicher gehen. darum habe ich einige Scans vorgenommen und dabei bis zu 30 Funde gehabt. Es wäre sehr nett, wenn mir jemand bei der Säuberung helfen könnte. Gruß Andreas [CODE] FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by Lib! (administrator) on LIB-PC on 17-09-2013 16:21:13
Running from C:\Users\Lib!\Downloads
Microsoft Windows 8 Pro with Media Center (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
( ) C:\WINDOWS\system32\lxeecoms.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu8.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(IObit) C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files\IObit\Start Menu 8\InstallServices32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files\Lexmark Pro700 Series\ezprint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secomba GmbH) C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [518040 2013-02-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [lxeemon.exe] - C:\Program Files\Lexmark Pro700 Series\lxeemon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro700 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1549120 2013-08-16] (IObit)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3293184 2007-11-21] (Google)
HKCU\...\Run: [Google Update] - C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-08] (Google Inc.)
HKCU\...\Run: [5D23D3981F5707EB30B576205889E4373F205214._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
HKCU\...\Run: [SansaDispatch] - C:\Users\Lib!\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2013-03-15] (SanDisk Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKCU\...\Run: [icq] - C:\Users\Lib!\AppData\Roaming\ICQM\icq.exe [27598184 2013-06-10] (ICQ)
HKCU\...\Run: [BoxcryptorClassic.exe] - C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe [2239744 2013-07-23] (Secomba GmbH)
HKCU\...\Run: [KSS] - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\Administrator\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [ 2012-07-26] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2012-07-26] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
SSODL: EldosMountNotificator-cbfs4 - {C7A85558-0B63-40C8-A822-E19E8756C8C3} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=travelmate_5730
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=240E0016EA6BD209&affID=119357&tsp=5004
SearchScopes: HKCU - {45129142-D920-4F60-94BA-D19C4B6EA99A} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {7B115865-B80C-4EDF-9CF9-3DDFFC1F5263} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default
FF user.js: detected! => C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\user.js
FF NewTab: hxxp://www.google.com/firefox
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Homepage: https://startpage.com/do/mypage.pl?prf=611834e20e5f38f93efe8a7ce2df79e4
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Lib!\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Lib!\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Lib!\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lib!\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lib!\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: goParentFolder - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\goParentFolder@alice.xpi
FF Extension: showParentFolder - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\showParentFolder@alice.xpi
FF Extension: No Name - C:\Users\Lib!\AppData\Roaming\Mozilla\Firefox\Profiles\538iy8y7.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=240E0016EA6BD209&affID=119357&tsp=5004
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb\3.2.1_0
CHR Extension: (Google Drive) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S2 lxeeCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\WINDOWS\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 StartMenuService; C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-05-02] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [322112 2013-07-03] (EldoS Corporation)
S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\system32\DRIVERS\NETwNs32.sys [7518208 2012-06-02] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [15936 2013-07-03] (EldoS Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-17 16:21 - 2013-09-17 16:21 - 00000000 ____D C:\FRST
2013-09-17 16:20 - 2013-09-17 16:20 - 01083437 _____ (Farbar) C:\Users\Lib!\Downloads\FRST.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_deu.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 00000000 ____D C:\Program Files\ESET
2013-09-17 15:55 - 2013-09-17 15:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-17 15:55 - 2013-09-17 15:55 - 00001093 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-17 15:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-17 15:14 - 2013-09-17 15:17 - 11678208 _____ C:\Users\Lib!\Downloads\Eroot 1.3.4.exe
2013-09-17 13:54 - 2013-09-17 13:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lib!\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-17 13:53 - 2013-09-17 13:53 - 00001298 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2013-09-17 13:52 - 2013-09-17 13:52 - 00001071 _____ C:\Users\Lib!\Desktop\Kaspersky Security Scan.lnk
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-17 13:49 - 2013-09-17 13:49 - 00179984 _____ (Kaspersky Lab) C:\Users\Lib!\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-09-17 13:30 - 2013-09-17 13:30 - 43220992 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00442368 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-09-17 13:25 - 2013-09-17 13:25 - 23398360 _____ (IObit ) C:\Users\Lib!\Downloads\asc-setup.exe
2013-09-17 13:24 - 2013-09-17 13:24 - 00001168 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001156 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001111 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-17 12:31 - 2013-09-17 13:22 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-09-17 12:25 - 2013-09-17 12:29 - 00001764 _____ C:\WINDOWS\setupact.log
2013-09-17 12:25 - 2013-09-17 12:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-13 13:36 - 2013-09-16 13:42 - 00016864 _____ C:\Users\Lib!\Documents\Vodafone.odt
2013-09-13 13:09 - 2013-09-17 13:09 - 00000093 _____ C:\Users\Lib!\AppData\Roaming\WB.CFG
2013-09-13 13:09 - 2013-09-17 13:09 - 00000005 _____ C:\Users\Lib!\AppData\Roaming\WBPU-TTL.DAT
2013-09-13 13:01 - 2013-09-17 16:14 - 00009634 _____ C:\WINDOWS\PFRO.log
2013-09-13 12:06 - 2013-09-17 15:09 - 00000304 _____ C:\WINDOWS\Tasks\DSite.job
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\DSite
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Local\avgchrome
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\Babylon
2013-09-13 12:01 - 2013-09-13 12:01 - 00001117 _____ C:\Users\Lib!\Desktop\Nexus Root Toolkit.lnk
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\.android
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Program Files\WugFresh Development
2013-09-13 11:57 - 2013-09-13 11:58 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx(1).exe
2013-09-13 11:35 - 2013-09-13 11:35 - 00310032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-12 16:36 - 2013-09-17 12:39 - 00124187 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-12 14:39 - 2013-09-12 14:39 - 00001839 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2013-09-12 14:38 - 2013-09-12 16:58 - 00000000 ____D C:\Users\Lib!\AppData\Local\PrivaZer
2013-09-12 14:38 - 2013-09-12 14:39 - 00000000 ____D C:\Program Files\PrivaZer
2013-09-12 14:38 - 2013-09-12 14:38 - 00001869 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2013-09-12 14:38 - 2013-09-12 14:38 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2013-09-12 14:36 - 2013-09-12 14:36 - 05085320 _____ (Goversoft LLC) C:\Users\Lib!\Downloads\privazer_free_2.2.exe
2013-09-12 14:35 - 2013-09-12 14:35 - 00001890 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Users\Lib!\AppData\Local\Secunia PSI
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Program Files\Secunia
2013-09-12 14:17 - 2013-09-12 14:17 - 03272136 _____ (Secunia) C:\Users\Lib!\Downloads\PSISetup711.exe
2013-09-12 14:14 - 2013-09-12 14:14 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-12 14:11 - 2013-09-12 14:12 - 23003252 _____ C:\Users\Lib!\Downloads\vlc-2.0.8-win32.exe
2013-09-12 14:11 - 2013-09-12 14:12 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 14:11 - 2013-09-12 14:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-12 14:11 - 2013-09-12 14:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 14:09 - 2013-09-12 14:09 - 00913832 _____ (Oracle Corporation) C:\Users\Lib!\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 12:44 - 2013-09-05 22:09 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-11 12:44 - 2013-09-05 22:09 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-11 12:15 - 2013-08-16 01:59 - 02156392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-11 12:15 - 2013-08-16 01:59 - 00052656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-11 12:15 - 2013-08-16 01:21 - 00051544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-11 12:15 - 2013-08-16 01:08 - 00199872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-11 12:15 - 2013-08-16 00:43 - 03831808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-11 12:15 - 2013-08-16 00:43 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\system32\OEMLicense.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-11 12:15 - 2013-08-16 00:43 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-11 12:15 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-11 12:15 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-11 12:15 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-09-11 12:15 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-09-11 12:15 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-09-11 12:15 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-09-11 12:15 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-09-11 12:15 - 2013-08-01 10:45 - 01800536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-09-11 12:15 - 2013-07-31 01:29 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-11 12:15 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-09-11 12:15 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-09-11 12:15 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-09-11 12:14 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-09-11 12:14 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-09-11 12:14 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-09-11 12:13 - 2013-08-03 06:17 - 03390464 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-11 12:12 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-11 12:12 - 2013-08-21 04:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-11 12:12 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-11 12:12 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-11 12:12 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-10 15:09 - 2013-09-10 15:09 - 00000000 ____D C:\Program Files\Classic Shell
2013-09-10 14:59 - 2013-09-10 15:00 - 08437760 _____ (IvoSoft) C:\Users\Lib!\Downloads\ClassicShellSetup_3_6_8.exe
2013-09-05 15:33 - 2013-09-05 15:33 - 00002089 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-05 15:33 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-05 15:33 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-09-05 15:33 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-05 15:33 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-05 15:32 - 2013-09-05 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-05 15:32 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-05 15:32 - 2013-08-30 09:48 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-05 15:32 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-05 15:32 - 2013-08-30 09:48 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-05 15:32 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-05 15:32 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-09-05 15:31 - 2013-09-05 15:32 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-05 15:28 - 2013-09-05 15:31 - 131918888 _____ C:\Users\Lib!\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-05 15:21 - 2013-09-05 15:21 - 00226356 _____ C:\ProgramData\1378387265.bdinstall.bin
2013-09-05 14:27 - 2013-09-05 15:08 - 00094659 _____ C:\ProgramData\1378384050.5552.bin
2013-09-05 14:27 - 2013-09-05 14:28 - 00022481 _____ C:\ProgramData\1378384050.6928.bin
2013-09-05 14:27 - 2013-09-05 14:28 - 00003004 _____ C:\ProgramData\1378384050.5668.bin
2013-09-05 14:27 - 2013-09-05 14:27 - 00000670 _____ C:\ProgramData\1378384050.7800.bin
2013-09-04 16:19 - 2013-09-04 16:19 - 00526188 _____ C:\ProgramData\1378303864.bdinstall.bin
2013-09-04 15:18 - 2013-09-04 15:37 - 00023337 _____ C:\ProgramData\1378300613.4908.bin
2013-09-04 15:17 - 2013-09-04 15:19 - 00002935 _____ C:\ProgramData\1378300613.7616.bin
2013-09-04 15:17 - 2013-09-04 15:18 - 00000670 _____ C:\ProgramData\1378300613.7944.bin
2013-09-04 15:16 - 2013-09-04 15:36 - 00093654 _____ C:\ProgramData\1378300613.7636.bin
2013-09-03 15:55 - 2013-09-03 15:56 - 38828680 _____ (Intel Corporation) C:\Users\Lib!\Downloads\Win7Vista_151719.exe
2013-09-03 11:44 - 2013-09-03 11:45 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx.exe
2013-08-26 12:36 - 2013-08-26 12:45 - 00000000 ____D C:\ProgramData\Dumps
2013-08-22 13:17 - 2013-08-22 13:18 - 00000000 ____D C:\Users\Lib!\Downloads\nettool
2013-08-22 13:17 - 2013-08-22 13:17 - 00987741 _____ (A.I.SOFT,INC.) C:\Users\Lib!\Downloads\nettool_1260.EXE
2013-08-22 13:10 - 2013-08-22 13:10 - 00000000 ___RD C:\Users\Lib!\AppData\Roaming\Brother
2013-08-22 13:07 - 2013-08-22 13:13 - 00000432 _____ C:\WINDOWS\BRWMARK.INI
2013-08-22 13:07 - 2013-08-22 13:07 - 00000034 _____ C:\WINDOWS\system32\BD2030.DAT
2013-08-22 11:05 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-08-22 11:05 - 2013-07-09 06:16 - 00097112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-08-22 11:05 - 2013-07-09 05:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-08-22 11:05 - 2013-07-09 05:58 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-08-22 11:05 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-08-22 11:05 - 2013-07-04 04:14 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-08-22 11:05 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-08-22 11:05 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-22 11:05 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-08-22 11:05 - 2013-07-03 02:10 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-08-22 11:05 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-08-22 11:05 - 2013-06-29 06:45 - 00296280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-08-22 11:05 - 2013-06-29 06:29 - 00159576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-08-22 11:05 - 2013-06-29 06:29 - 00105304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-08-22 11:05 - 2013-06-26 04:29 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-08-22 11:05 - 2013-06-26 04:27 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2013-08-22 11:05 - 2013-06-25 01:10 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-08-22 11:05 - 2013-06-25 01:09 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-08-22 11:05 - 2013-06-25 01:09 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-08-22 11:05 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-08-22 11:05 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-08-22 11:05 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-08-22 11:05 - 2013-06-10 21:52 - 00038656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-08-22 11:05 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-08-22 11:05 - 2013-06-10 21:10 - 00679936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-08-22 11:05 - 2013-06-10 21:10 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-08-22 11:05 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-08-22 11:05 - 2013-06-06 08:03 - 00097024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2013-08-21 15:43 - 2013-08-21 15:43 - 11174373 _____ C:\Users\Lib!\Downloads\ncid.Net_2.7.17.zip
2013-08-21 15:41 - 2013-08-21 15:41 - 00247043 _____ C:\Users\Lib!\Downloads\config_A803.bin
2013-08-21 11:37 - 2013-08-21 11:37 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-21 11:22 - 2013-08-21 11:22 - 00001937 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 11:01 - 2013-08-21 11:01 - 00001139 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-08-21 10:44 - 2013-08-21 10:44 - 21824552 _____ (IObit ) C:\Users\Lib!\Downloads\imf-setup(1).exe
2013-08-20 13:59 - 2013-08-20 13:59 - 00000633 _____ C:\Users\Lib!\Desktop\JRT.txt
2013-08-20 13:52 - 2013-08-20 13:52 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-20 13:27 - 2013-08-20 13:27 - 00002684 _____ C:\AdwCleaner[S1].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00002812 _____ C:\AdwCleaner[R2].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00000103 ____H C:\.~lock.AdwCleaner[R2].txt#
2013-08-20 13:25 - 2013-08-20 13:25 - 00002752 _____ C:\AdwCleaner[R1].txt
2013-08-20 13:12 - 2013-08-20 13:12 - 01018949 _____ (Thisisu) C:\Users\Lib!\Downloads\JRT.exe
2013-08-20 13:11 - 2013-08-20 13:11 - 00666633 _____ C:\Users\Lib!\Downloads\adwcleaner.exe
2013-08-20 13:06 - 2013-08-20 13:06 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_enu.exe
2013-08-20 11:34 - 2013-09-13 12:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-20 07:02 - 2013-08-20 07:02 - 00084248 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-08-19 11:03 - 2013-08-19 11:03 - 00000830 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-19 10:54 - 2013-08-19 10:54 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-19 10:53 - 2013-08-19 10:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-19 10:53 - 2013-08-19 10:54 - 00000000 ____D C:\Program Files\iTunes
2013-08-19 10:53 - 2013-08-19 10:53 - 00000000 ____D C:\Program Files\iPod
==================== One Month Modified Files and Folders =======
2013-09-17 16:21 - 2013-09-17 16:21 - 00000000 ____D C:\FRST
2013-09-17 16:20 - 2013-09-17 16:20 - 01083437 _____ (Farbar) C:\Users\Lib!\Downloads\FRST.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_deu.exe
2013-09-17 16:17 - 2013-09-17 16:17 - 00000000 ____D C:\Program Files\ESET
2013-09-17 16:16 - 2013-01-08 15:28 - 00024106 _____ C:\ProgramData\lxeescan.log
2013-09-17 16:14 - 2013-09-13 13:01 - 00009634 _____ C:\WINDOWS\PFRO.log
2013-09-17 16:14 - 2013-01-08 13:35 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 16:14 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-17 16:13 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-09-17 16:03 - 2013-01-08 16:46 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-17 16:01 - 2013-01-08 13:35 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-17 15:56 - 2013-09-17 15:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-17 15:55 - 2013-09-17 15:55 - 00001093 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-17 15:27 - 2013-01-29 15:42 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003UA.job
2013-09-17 15:17 - 2013-09-17 15:14 - 11678208 _____ C:\Users\Lib!\Downloads\Eroot 1.3.4.exe
2013-09-17 15:09 - 2013-09-13 12:06 - 00000304 _____ C:\WINDOWS\Tasks\DSite.job
2013-09-17 13:55 - 2013-09-17 13:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lib!\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-17 13:53 - 2013-09-17 13:53 - 00001298 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2013-09-17 13:52 - 2013-09-17 13:52 - 00001071 _____ C:\Users\Lib!\Desktop\Kaspersky Security Scan.lnk
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-17 13:51 - 2013-09-17 13:51 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-09-17 13:49 - 2013-09-17 13:49 - 00179984 _____ (Kaspersky Lab) C:\Users\Lib!\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-09-17 13:30 - 2013-09-17 13:30 - 43220992 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00442368 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00065536 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-09-17 13:30 - 2013-09-17 13:30 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-09-17 13:30 - 2013-01-07 17:08 - 00000000 ____D C:\Users\Lib!
2013-09-17 13:27 - 2013-01-29 15:42 - 00001078 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003Core.job
2013-09-17 13:25 - 2013-09-17 13:25 - 23398360 _____ (IObit ) C:\Users\Lib!\Downloads\asc-setup.exe
2013-09-17 13:24 - 2013-09-17 13:24 - 00001168 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001156 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-17 13:24 - 2013-09-17 13:24 - 00001111 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-17 13:22 - 2013-09-17 12:31 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-09-17 13:09 - 2013-09-13 13:09 - 00000093 _____ C:\Users\Lib!\AppData\Roaming\WB.CFG
2013-09-17 13:09 - 2013-09-13 13:09 - 00000005 _____ C:\Users\Lib!\AppData\Roaming\WBPU-TTL.DAT
2013-09-17 13:04 - 2013-01-09 13:15 - 00071012 _____ C:\ProgramData\lxeeJSW.log
2013-09-17 12:39 - 2013-09-12 16:36 - 00124187 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-17 12:29 - 2013-09-17 12:25 - 00001764 _____ C:\WINDOWS\setupact.log
2013-09-17 12:25 - 2013-09-17 12:25 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-17 12:22 - 2013-01-07 17:16 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-17 11:46 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-16 14:00 - 2010-07-30 13:01 - 00000000 ____D C:\Users\Lib!\Documents\Jülich
2013-09-16 13:42 - 2013-09-13 13:36 - 00016864 _____ C:\Users\Lib!\Documents\Vodafone.odt
2013-09-13 13:13 - 2013-02-19 14:53 - 00000000 ____D C:\Users\Lib!\AppData\Local\Adobe
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\DSite
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\Users\Lib!\AppData\Local\avgchrome
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-13 12:06 - 2013-09-13 12:06 - 00000000 ____D C:\ProgramData\Babylon
2013-09-13 12:06 - 2013-08-20 11:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-13 12:01 - 2013-09-13 12:01 - 00001117 _____ C:\Users\Lib!\Desktop\Nexus Root Toolkit.lnk
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Users\Lib!\.android
2013-09-13 12:01 - 2013-09-13 12:01 - 00000000 ____D C:\Program Files\WugFresh Development
2013-09-13 11:58 - 2013-09-13 11:57 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx(1).exe
2013-09-13 11:35 - 2013-09-13 11:35 - 00310032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-12 16:58 - 2013-09-12 14:38 - 00000000 ____D C:\Users\Lib!\AppData\Local\PrivaZer
2013-09-12 15:26 - 2013-01-16 16:45 - 00000000 ____D C:\Users\Lib!\AppData\Local\Paint.NET
2013-09-12 15:22 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2013-09-12 14:39 - 2013-09-12 14:39 - 00001839 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2013-09-12 14:39 - 2013-09-12 14:38 - 00000000 ____D C:\Program Files\PrivaZer
2013-09-12 14:38 - 2013-09-12 14:38 - 00001869 _____ C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2013-09-12 14:38 - 2013-09-12 14:38 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2013-09-12 14:36 - 2013-09-12 14:36 - 05085320 _____ (Goversoft LLC) C:\Users\Lib!\Downloads\privazer_free_2.2.exe
2013-09-12 14:35 - 2013-09-12 14:35 - 00001890 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-09-12 14:32 - 2013-02-05 14:11 - 00000000 ____D C:\Program Files\Java
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Users\Lib!\AppData\Local\Secunia PSI
2013-09-12 14:18 - 2013-09-12 14:18 - 00000000 ____D C:\Program Files\Secunia
2013-09-12 14:17 - 2013-09-12 14:17 - 03272136 _____ (Secunia) C:\Users\Lib!\Downloads\PSISetup711.exe
2013-09-12 14:14 - 2013-09-12 14:14 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-12 14:12 - 2013-09-12 14:11 - 23003252 _____ C:\Users\Lib!\Downloads\vlc-2.0.8-win32.exe
2013-09-12 14:12 - 2013-09-12 14:11 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 14:11 - 2013-09-12 14:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-12 14:11 - 2013-09-12 14:11 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-12 14:11 - 2013-09-12 14:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-12 14:11 - 2013-01-08 14:08 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-12 14:11 - 2013-01-08 14:08 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-12 14:09 - 2013-09-12 14:09 - 00913832 _____ (Oracle Corporation) C:\Users\Lib!\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-12 13:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-09-12 13:38 - 2013-07-02 13:01 - 00001294 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-12 13:38 - 2013-01-16 16:47 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-11 14:42 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-09-11 12:44 - 2013-01-07 17:20 - 00000000 ___RD C:\Users\Lib!\AppData\Local\MicrosoftNT
2013-09-11 12:40 - 2012-07-26 08:53 - 00000000 ___RD C:\WINDOWS\ToastData
2013-09-11 12:40 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-11 12:40 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-09-11 12:21 - 2013-07-11 13:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 12:18 - 2013-01-07 17:44 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-11 12:06 - 2013-01-08 15:34 - 00000000 ____D C:\ProgramData\lx_Cats
2013-09-10 15:09 - 2013-09-10 15:09 - 00000000 ____D C:\Program Files\Classic Shell
2013-09-10 15:00 - 2013-09-10 14:59 - 08437760 _____ (IvoSoft) C:\Users\Lib!\Downloads\ClassicShellSetup_3_6_8.exe
2013-09-05 22:09 - 2013-09-11 12:44 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-05 22:09 - 2013-09-11 12:44 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-05 15:33 - 2013-09-05 15:33 - 00002089 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-05 15:32 - 2013-09-05 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-05 15:32 - 2013-09-05 15:31 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-05 15:32 - 2012-07-26 08:53 - 00002577 _____ C:\WINDOWS\system32\config.nt
2013-09-05 15:31 - 2013-09-05 15:28 - 131918888 _____ C:\Users\Lib!\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-05 15:23 - 2012-07-26 08:53 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-09-05 15:21 - 2013-09-05 15:21 - 00226356 _____ C:\ProgramData\1378387265.bdinstall.bin
2013-09-05 15:21 - 2013-01-08 16:58 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-09-05 15:08 - 2013-09-05 14:27 - 00094659 _____ C:\ProgramData\1378384050.5552.bin
2013-09-05 14:28 - 2013-09-05 14:27 - 00022481 _____ C:\ProgramData\1378384050.6928.bin
2013-09-05 14:28 - 2013-09-05 14:27 - 00003004 _____ C:\ProgramData\1378384050.5668.bin
2013-09-05 14:27 - 2013-09-05 14:27 - 00000670 _____ C:\ProgramData\1378384050.7800.bin
2013-09-04 16:20 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-09-04 16:19 - 2013-09-04 16:19 - 00526188 _____ C:\ProgramData\1378303864.bdinstall.bin
2013-09-04 15:37 - 2013-09-04 15:18 - 00023337 _____ C:\ProgramData\1378300613.4908.bin
2013-09-04 15:36 - 2013-09-04 15:16 - 00093654 _____ C:\ProgramData\1378300613.7636.bin
2013-09-04 15:19 - 2013-09-04 15:17 - 00002935 _____ C:\ProgramData\1378300613.7616.bin
2013-09-04 15:18 - 2013-09-04 15:17 - 00000670 _____ C:\ProgramData\1378300613.7944.bin
2013-09-03 15:56 - 2013-09-03 15:55 - 38828680 _____ (Intel Corporation) C:\Users\Lib!\Downloads\Win7Vista_151719.exe
2013-09-03 11:45 - 2013-09-03 11:44 - 67797630 _____ C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx.exe
2013-09-02 12:27 - 2013-01-07 17:38 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\Mozilla
2013-08-30 09:48 - 2013-09-05 15:33 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-05 15:33 - 00061680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-05 15:33 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-05 15:33 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00177864 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-05 15:32 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-05 15:32 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-05 15:32 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-26 12:45 - 2013-08-26 12:36 - 00000000 ____D C:\ProgramData\Dumps
2013-08-26 12:38 - 2013-01-08 17:10 - 00000000 ____D C:\ProgramData\BDLogging
2013-08-22 16:12 - 2013-07-02 14:08 - 00000000 ____D C:\Users\Lib!\AppData\Roaming\vlc
2013-08-22 13:18 - 2013-08-22 13:17 - 00000000 ____D C:\Users\Lib!\Downloads\nettool
2013-08-22 13:17 - 2013-08-22 13:17 - 00987741 _____ (A.I.SOFT,INC.) C:\Users\Lib!\Downloads\nettool_1260.EXE
2013-08-22 13:13 - 2013-08-22 13:07 - 00000432 _____ C:\WINDOWS\BRWMARK.INI
2013-08-22 13:10 - 2013-08-22 13:10 - 00000000 ___RD C:\Users\Lib!\AppData\Roaming\Brother
2013-08-22 13:07 - 2013-08-22 13:07 - 00000034 _____ C:\WINDOWS\system32\BD2030.DAT
2013-08-21 15:43 - 2013-08-21 15:43 - 11174373 _____ C:\Users\Lib!\Downloads\ncid.Net_2.7.17.zip
2013-08-21 15:41 - 2013-08-21 15:41 - 00247043 _____ C:\Users\Lib!\Downloads\config_A803.bin
2013-08-21 11:37 - 2013-08-21 11:37 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-21 11:22 - 2013-08-21 11:22 - 00001937 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2013-08-21 11:01 - 2013-08-21 11:01 - 00001139 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2013-08-21 10:44 - 2013-08-21 10:44 - 21824552 _____ (IObit ) C:\Users\Lib!\Downloads\imf-setup(1).exe
2013-08-21 04:06 - 2013-09-11 12:12 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-21 04:06 - 2013-09-11 12:12 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-21 04:05 - 2013-09-11 12:12 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-21 04:05 - 2013-09-11 12:12 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-21 03:43 - 2013-09-11 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-20 13:59 - 2013-08-20 13:59 - 00000633 _____ C:\Users\Lib!\Desktop\JRT.txt
2013-08-20 13:52 - 2013-08-20 13:52 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-20 13:27 - 2013-08-20 13:27 - 00002684 _____ C:\AdwCleaner[S1].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00002812 _____ C:\AdwCleaner[R2].txt
2013-08-20 13:26 - 2013-08-20 13:26 - 00000103 ____H C:\.~lock.AdwCleaner[R2].txt#
2013-08-20 13:25 - 2013-08-20 13:25 - 00002752 _____ C:\AdwCleaner[R1].txt
2013-08-20 13:17 - 2013-01-07 17:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-20 13:12 - 2013-08-20 13:12 - 01018949 _____ (Thisisu) C:\Users\Lib!\Downloads\JRT.exe
2013-08-20 13:11 - 2013-08-20 13:11 - 00666633 _____ C:\Users\Lib!\Downloads\adwcleaner.exe
2013-08-20 13:06 - 2013-08-20 13:06 - 02347384 _____ (ESET) C:\Users\Lib!\Downloads\esetsmartinstaller_enu.exe
2013-08-20 07:02 - 2013-08-20 07:02 - 00084248 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-08-19 11:03 - 2013-08-19 11:03 - 00000830 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-19 10:54 - 2013-08-19 10:54 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-19 10:54 - 2013-08-19 10:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-19 10:54 - 2013-08-19 10:53 - 00000000 ____D C:\Program Files\iTunes
2013-08-19 10:53 - 2013-08-19 10:53 - 00000000 ____D C:\Program Files\iPod
2013-08-19 10:53 - 2013-03-11 17:22 - 00000000 ____D C:\ProgramData\Apple Computer
2013-08-19 10:53 - 2013-03-11 17:19 - 00000000 ____D C:\Program Files\Common Files\Apple
Some content of TEMP:
====================
C:\Users\Lib!\AppData\Local\Temp\Quarantine.exe
C:\Users\Lib!\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-09 12:39
==================== End Of Log ============================
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:28 on 17/09/2013 (Lib!)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03 Ran by Lib! at 2013-09-17 16:22:15 Running from C:\Users\Lib!\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-PDF Maker Version 1.2.0 (Build 119) (Version: 7-PDF Maker - Version 1.2.0 (Build 119)) 7-PDF Split & Merge Version 2.0.4 (Build 112) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112)) 7-Zip 9.20 ActiveTrader 5.4.4_b3 Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04) Adobe Shockwave Player 12.0 (Version: 12.0.4.144) Advanced SystemCare 6 (Version: 6.3) ALPS Touch Pad Driver (Version: 8.0.2020.112) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) avast! Free Antivirus (Version: 8.0.1497.0) Bonjour (Version: 3.0.0.10) Boxcryptor Classic 1.6 (Version: 1.6.400.65) CCleaner (Version: 4.03) CDBurnerXP (Version: 4.5.2.4214) Classic Shell (Version: 3.6.8) D3DX10 (Version: 15.4.2368.0902) ElsterFormular (Version: 14.1.11318) ESET Online Scanner v3 FileZilla Client 3.7.3 (Version: 3.7.3) Fotogalerie (Version: 16.4.3508.0205) Google Chrome (Version: 29.0.1547.66) Google Drive (Version: 1.11.4865.2530) Google Talk (remove only) Google Talk Plugin (Version: 4.5.3.14917) Google Update Helper (Version: 1.3.21.153) ICQ 8.0 (build 6019) (HKCU Version: 8.0.6019.0) Inkscape 0.48.4 (Version: 0.48.4) IObit Malware Fighter (Version: 2.1) iTunes (Version: 11.0.5.5) Java 7 Update 40 (Version: 7.0.400) Java Auto Updater (Version: 2.1.9.8) Java SE Development Kit 7 Update 25 (Version: 1.7.0.250) Junk Mail filter update (Version: 16.4.3508.0205) Kaspersky Security Scan (Version: 12.0.1.340) Lexmark Pro700 Series Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 17.0.2011.0627) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Movie Maker (Version: 16.4.3508.0205) MozBackup 1.5.1 Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) Mp3tag v2.54 (Version: v2.54) MSVCRT (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) Music Manager MyFreeCodec OpenOffice 4.0.0 (Version: 4.00.9702) Paint.NET v3.5.11 (Version: 3.61.0) PDF Split And Merge Basic (Version: 2.2.2) PDF24 Creator 5.2.0 Photo Common (Version: 16.4.3508.0205) Photo Gallery (Version: 16.4.3508.0205) Picasa 3 (Version: 3.9) PrivaZer (HKCU Version: 2.2.0.0) QuickTime (Version: 7.74.80.86) Samsung Kies (Version: 2.5.1.12123_2) Sansa Updater (HKCU Version: 1.313) Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011) Secure Banking Version 1.5.2 (Version: 1.5.2) Smart Defrag 2 (Version: 2.8) Sony Ericsson Update Engine (Version: 2.13.6.201305161305) Sony PC Companion 2.10.165 (Version: 2.10.165) Start Menu 8 (Version: 1.1.0.0) swMSM (Version: 12.0.0.1) System Requirements Lab for Intel (Version: 4.5.13.0) VLC media player 2.0.8 (Version: 2.0.8) Winamp (Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Communications Platform (Version: 16.4.3508.0205) Windows Live Essentials (Version: 16.4.3508.0205) Windows Live Installer (Version: 16.4.3508.0205) Windows Live Mail (Version: 16.4.3508.0205) Windows Live MIME IFilter (Version: 16.4.3508.0205) Windows Live Photo Common (Version: 16.4.3508.0205) Windows Live PIMT Platform (Version: 16.4.3508.0205) Windows Live SOXE (Version: 16.4.3508.0205) Windows Live SOXE Definitions (Version: 16.4.3508.0205) Windows Live UX Platform (Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (Version: 16.4.3508.0205) Windows Live Writer (Version: 16.4.3508.0205) Windows Live Writer Resources (Version: 16.4.3508.0205) Zip Opener Packages ==================== Restore Points ========================= 30-08-2013 09:19:03 Geplanter Prüfpunkt 05-09-2013 13:31:42 avast! Free Antivirus Setup 10-09-2013 13:07:57 Installed Classic Shell 12-09-2013 11:35:41 Paint.NET v3.5.11 16-09-2013 14:58:49 Windows Update ==================== Hosts content: ========================== 2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {035F06C9-5A2B-4A80-B68C-F5CEA299D636} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {05948387-3636-4D29-89FD-1BEC9E55C476} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation) Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {24AE116F-2111-45A1-8708-E65A49C2C2DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.) Task: {2C11D542-9CEF-4544-AD4E-C8B55A0A985F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {320F7DAC-020D-43A0-AF9F-1971D6400354} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1169222016-1261099759-1113318950-1003 Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {452D606E-BBA0-4C29-9605-F0CAD6917B27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4E6A710F-F81F-4C39-9783-95C2948DA2FD} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation) Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation) Task: {5865587F-1441-4F27-A898-E109FEF1E758} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {60DB8D48-6129-4799-AD9C-E574ADC887B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated) Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {803996A9-E4D6-400E-BA40-E85BC6D57C96} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {80832904-43BB-4FD1-B3B8-2C472CC8A199} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: {83AEE679-7B1B-469B-96BF-9311D74A85C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.) Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation) Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: {AC6BEABC-3804-417C-8851-4FB542D44337} - System32\Tasks\DSite => C:\Users\Lib!\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {C886C105-68E9-408F-80BB-83FB720EE225} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {D3D72742-ECBD-4DAC-A07D-DC73526F2605} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003Core => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.) Task: {D3E765DC-2357-4127-8B05-A151869A0CA1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {D7F931D9-952D-4793-943C-1123FBF87916} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2012-07-26] (Microsoft Corporation) Task: {DC9F7781-5596-4A94-ABA6-44B52266D795} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {DD811BF8-769E-4B0C-B8F9-D6CB982E6941} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003UA => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.) Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {E579AC60-D52F-45CB-8C3D-806F54A0E6AB} - System32\Tasks\User_Feed_Synchronization-{518D8814-7F9F-40AD-AAE3-802D9D56B8CC} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation) Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation) Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {F2C227C6-41E7-4A0E-9AB7-05080A0469AA} - System32\Tasks\StartMenuAutoupdate => C:\Program Files\IObit\Start Menu 8\AutoUpdate.exe [2013-05-13] (IObit) Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {FABCCAC1-567F-4511-AEA8-C292A7A86D84} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Lib!\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003Core.job => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1169222016-1261099759-1113318950-1003UA.job => C:\Users\Lib!\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-29 10:49 - 2013-06-29 10:49 - 01514496 _____ (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll 2012-07-26 03:28 - 2012-07-26 05:18 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL 2013-07-02 12:09 - 2013-07-02 12:09 - 00222832 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll 2013-07-02 12:09 - 2013-07-02 12:09 - 00534480 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCP110.dll 2013-07-02 12:09 - 2013-07-02 12:09 - 00862664 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCR110.dll 2013-07-02 12:09 - 2013-07-02 12:09 - 00543856 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\Telemetry.dll 2013-07-02 12:09 - 2013-07-02 12:09 - 00039536 _____ (Microsoft Corporation) C:\Users\Lib!\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\logging.dll 2013-08-02 13:20 - 2013-07-03 12:21 - 00156520 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf4.dll 2013-08-21 11:22 - 2013-01-19 17:03 - 00348992 _____ () C:\Program Files\IObit\Start Menu 8\madExcept_.bpl 2013-08-21 11:22 - 2013-01-19 17:02 - 00183616 _____ () C:\Program Files\IObit\Start Menu 8\madBasic_.bpl 2013-08-21 11:22 - 2013-01-19 17:02 - 00051008 _____ () C:\Program Files\IObit\Start Menu 8\madDisAsm_.bpl 2013-01-07 17:48 - 2013-01-07 17:49 - 00146336 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-05-17 19:38 - 2013-02-07 14:41 - 00121392 _____ (Alps Electric Co., Ltd.) C:\WINDOWS\system32\VXDIF.DLL 2013-02-19 15:07 - 2009-11-26 04:53 - 00086183 _____ (Lexmark International) C:\Program Files\Lexmark Pro700 Series\lxeecfg.dll 2013-02-19 15:07 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files\Lexmark Pro700 Series\lxeescw.dll 2009-05-27 13:16 - 2009-05-27 13:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll 2013-02-19 15:07 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files\Lexmark Pro700 Series\lxeeDRS.dll 2013-02-19 15:07 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Lexmark Pro700 Series\lxeecaps.dll 2013-02-19 15:07 - 2009-03-05 13:55 - 00059904 _____ (Lexmark International Inc.) C:\Program Files\Lexmark Pro700 Series\lxeecnv4.dll 2013-02-19 15:07 - 2009-03-10 01:41 - 00966656 _____ (Corp.) C:\Program Files\Lexmark Pro700 Series\lxeemonr.dll 2013-02-19 15:07 - 2009-12-09 15:35 - 00802816 _____ ( ) C:\Program Files\Lexmark Pro700 Series\lxeecomc.dll 2009-02-20 09:48 - 2009-02-20 09:48 - 00299008 _____ () C:\WINDOWS\SYSTEM32\lxeesm.dll 2009-04-28 08:56 - 2009-04-28 08:56 - 00024064 _____ () C:\WINDOWS\system32\lxeesmr.dll 2013-02-19 15:07 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files\Lexmark Pro700 Series\Epwizard.DLL 2013-02-19 15:07 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files\Lexmark Pro700 Series\customui.dll 2013-02-19 15:07 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files\Lexmark Pro700 Series\Eputil.DLL 2013-02-19 15:07 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files\Lexmark Pro700 Series\Epfunct.DLL 2013-02-19 15:07 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files\Lexmark Pro700 Series\Imagutil.DLL 2013-02-19 15:07 - 2009-06-23 07:09 - 02203648 _____ () C:\Program Files\Lexmark Pro700 Series\EPWizRes.dll 2013-02-19 15:07 - 2009-06-23 07:10 - 00045056 _____ () C:\Program Files\Lexmark Pro700 Series\epstring.dll 2013-02-19 15:07 - 2009-06-23 07:11 - 00102400 _____ () C:\Program Files\Lexmark Pro700 Series\EPOEMDll.dll 2013-02-19 15:07 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Lexmark Pro700 Series\iptk.dll 2013-02-19 15:07 - 2010-04-01 13:18 - 00548864 _____ (PDFlib GmbH) C:\Program Files\Lexmark Pro700 Series\PdfLib.dll 2013-02-19 15:07 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Lexmark Pro700 Series\lxeeptp.dll 2013-07-23 13:40 - 2013-07-23 13:40 - 00208896 _____ (EldoS Corporation) C:\Program Files\Boxcryptor Classic\CBFS4Net.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00102840 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll 2012-12-07 15:14 - 2012-12-07 15:14 - 00012728 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpinit.dll 2013-05-28 12:30 - 2013-05-28 12:30 - 00430520 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpmain.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00160184 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prremote.dll 2012-12-07 15:14 - 2012-12-07 15:14 - 00123320 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\DumpWriter.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00262584 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prloader.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00115128 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\nfio.ppl 2012-12-07 15:15 - 2012-12-07 15:15 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fsdrvplg.ppl 2012-12-07 15:15 - 2012-12-07 15:15 - 00098744 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fssync.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00038328 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\winreg.ppl 2012-12-07 15:15 - 2012-12-07 15:15 - 00377272 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\service.dll 2012-12-07 15:14 - 2012-12-07 15:14 - 01053112 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\eka_meta.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00324024 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\esmgr.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00046520 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\pxstub.ppl 2013-05-28 12:30 - 2013-05-28 12:30 - 01135032 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\params.ppl 2013-05-28 12:30 - 2013-05-28 12:30 - 02765240 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpgui.ppl 2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00213432 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\metainfo.dll 2013-05-28 12:30 - 2013-05-28 12:30 - 02478520 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\basegui.ppl 2012-12-07 15:15 - 2012-12-07 15:15 - 00041912 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\thpimpl.ppl 2012-12-07 15:15 - 2012-12-07 15:15 - 00074168 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\memmon.dll 2012-12-07 15:15 - 2012-12-07 15:15 - 00594360 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\localization_manager.dll 2013-05-28 12:30 - 2013-05-28 12:30 - 00091648 _____ (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\W8Toaster.dll 2013-08-20 11:35 - 2013-08-20 11:35 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-09-17 16:17 - 2013-02-07 12:35 - 03101344 _____ (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Users\Lib!\Downloads\7z920.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\adwcleaner.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\ccsetup403_slim.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\ClassicShellSetup_3_6_5.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\ElsterFormular-14.2.20130517p.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\ElsterFormular-14.2.20130517u.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\esetsmartinstaller_enu.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\F-S3000-V12W.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\FileZilla_3.7.0.2_win32-setup.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\icq8_setup_8.0b6019 - CHIP-Downloader.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\imf-setup(1).exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\imf-setup.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\infinst_autol.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\inkscape-0.48.4-1-win32.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\jre-7u21-windows-i586-iftw.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\JRT.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\jxpiinstall(1).exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\jxpiinstall.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\mbam-setup-1.75.0.1300.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\musicmanagerinstaller.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\nettool_1260.EXE:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\NRT_v1.7.2.sfx.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\picasa39.136.19-setup.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\setup152.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\Shockwave_Installer_Slim(1).exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\Shockwave_Installer_Slim(2).exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\tagscan5.1.637setup.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\vlc-2.0.7-win32.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\Win7Vista_151719.exe:BDU AlternateDataStreams: C:\Users\Lib!\Downloads\wlsetup-web(1).exe:BDU ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/17/2013 01:25:59 PM) (Source: Application Hang) (User: ) Description: Programm CCleaner.exe, Version 4.3.0.4151 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1518 Startzeit: 01ceb390febfe267 Endzeit: 1232 Anwendungspfad: C:\Program Files\CCleaner\CCleaner.exe Berichts-ID: e2600a01-1f8b-11e3-afe5-0016ea6bd208 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/16/2013 01:43:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: senddoc.exe, Version: 0.0.0.0, Zeitstempel: 0x51dd6ab2 Name des fehlerhaften Moduls: smapi.dll, Version: 16.4.3508.205, Zeitstempel: 0x5111fa6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000886f ID des fehlerhaften Prozesses: 0xa0c Startzeit der fehlerhaften Anwendung: 0xsenddoc.exe0 Pfad der fehlerhaften Anwendung: senddoc.exe1 Pfad des fehlerhaften Moduls: senddoc.exe2 Berichtskennung: senddoc.exe3 Vollständiger Name des fehlerhaften Pakets: senddoc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: senddoc.exe5 Error: (09/16/2013 01:16:23 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (09/16/2013 01:16:19 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (09/16/2013 01:16:18 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2013 01:14:47 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.03)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.01)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.02)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Adobe Reader XI (11.0.04) - Deutsch - Update "Adobe Reader XI (11.0.04)" konnte nicht installiert werden. Fehlercode 1638. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (09/17/2013 04:14:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/17/2013 04:14:47 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht. Error: (09/17/2013 04:14:30 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT) Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "C:\Program Files\Acer\Acer Bio Protection\PwdFilter". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat. Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898". Error: (09/17/2013 04:14:20 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (09/17/2013 01:24:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Advanced SystemCare Service 6" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (09/17/2013 11:24:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/17/2013 11:24:00 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeeCATSCustConnectService erreicht. Error: (09/17/2013 11:23:29 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT) Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "C:\Program Files\Acer\Acer Bio Protection\PwdFilter". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat. Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898". Error: (09/17/2013 11:23:17 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (09/16/2013 00:43:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (09/17/2013 01:25:59 PM) (Source: Application Hang)(User: ) Description: CCleaner.exe4.3.0.4151151801ceb390febfe2671232C:\Program Files\CCleaner\CCleaner.exee2600a01-1f8b-11e3-afe5-0016ea6bd208 Error: (09/16/2013 01:43:08 PM) (Source: Application Error)(User: ) Description: senddoc.exe0.0.0.051dd6ab2smapi.dll16.4.3508.2055111fa6ec00000050000886fa0c01ceb2d1e8ba1cc9C:\Program Files\OpenOffice 4\program\senddoc.exeC:\Program Files\Windows Live\Mail\smapi.dll27acc45e-1ec5-11e3-afe4-001d72cf60c1 Error: (09/16/2013 01:16:23 PM) (Source: SideBySide)(User: ) Description: C:\Program Files\Lexmark Pro700 Series\Drivers\I386\lxeesm.dllC:\Program Files\Lexmark Pro700 Series\Drivers\I386\lxeesm.dll9 Error: (09/16/2013 01:16:19 PM) (Source: SideBySide)(User: ) Description: C:\Lexmark\drivers\Pro700\drivers\win_xp2k\i386\LXEEsm.dllC:\Lexmark\drivers\Pro700\drivers\win_xp2k\i386\LXEEsm.dll9 Error: (09/16/2013 01:16:18 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Lexmark\drivers\Pro700\Apps\HRS\LXEEHiResScan.exe Error: (09/16/2013 01:14:47 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.03)1638(NULL)(NULL)(NULL) Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.01)1638(NULL)(NULL)(NULL) Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.02)1638(NULL)(NULL)(NULL) Error: (09/13/2013 01:07:21 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Adobe Reader XI (11.0.04) - DeutschAdobe Reader XI (11.0.04)1638(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 1976.86 MB Available physical RAM: 1140.07 MB Total Pagefile: 3320.86 MB Available Pagefile: 2051.62 MB Total Virtual: 2047.88 MB Available Virtual: 1851.15 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:56.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Privat) (Fixed) (Total:111.55 GB) (Free:93.57 GB) NTFS Drive z: (Boxcryptor Classic) (Fixed) (Total:111.55 GB) (Free:93.57 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: BE0D6B2E) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
|
17.09.2013, 21:12
| #2 |
| | Win 8 diverse Funde PUP (Babylon) Win32/installcoreCode:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-17 21:58:31
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\00000034 ST9250827AS rev.3.AAA 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lib!\AppData\Local\Temp\kxtdapog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E19776E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C02E80E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8E195C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8C02FCF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8E1978EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C02E556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8C0301C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8C030066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C02E45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C02E4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C02E2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8C02FD16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C02E7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C02E742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x8C03122A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x8C0358B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8C030506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C0307F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E197822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C03B0DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8C03326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C03AEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C03B036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8C032E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C03AEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C03B122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C03AF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C03AF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C03092C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C03398C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C02E6DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E195C12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E1976C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8C033596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C02E676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8C02FE9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C03B0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8C02F800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8C02F5E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C03AECE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E197992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C03AE86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C03B0FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C03AF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C03AF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8C02F0E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x8C031256]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E1975FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C02E610]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E1B0E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwCallbackReturn + 118 81AD7E24 4 Bytes CALL E4800A2B
.text ntoskrnl.exe!ZwCallbackReturn + 16C 81AD7E78 12 Bytes [56, E5, 02, 8C, C8, 01, 03, ...]
.text ntoskrnl.exe!ZwCallbackReturn + 604 81AD8310 12 Bytes [B8, B0, 03, 8C, 00, F8, 02, ...]
.text ntoskrnl.exe!ZwReplacePartitionUnit + 26B1 81B4DAB5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 81B5239A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[272] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\wininit.exe[496] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[564] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text ...
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] ntdll.dll!NtProtectVirtualMemory 76F55940 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] C:\WINDOWS\system32\KERNEL32.DLL time/date stamp mismatch; unknown module: 0.dllunknown module: cryptnet.dllunknown module: 0.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] user32.dll!UserClientDllInitialize + 311 74DBC3EC 4 Bytes [F0, 28, 8F, 69]
.text C:\WINDOWS\system32\dwm.exe[968] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[980] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1084] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Classic Shell\ClassicShellService.exe[1220] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1264] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text ...
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 006103FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 006101F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 006D0A08
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 006D0804
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 006D03FC
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 006D01F8
.text C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 006D0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1384] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\lxeecoms.exe[1524] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\System32\spoolsv.exe[1620] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1672] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1764] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text ...
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 015803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 015801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 015D0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 015D0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 015D03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 015D01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 015D0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00D603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00D601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00DA0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00DA0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00DA03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00DA01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00DA0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 007F03FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 007F01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00820A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00820804
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 008203FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 008201F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00820600
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 001F03FC
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 001F01F8
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00230A08
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00230804
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002303FC
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002301F8
.text C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00230600
.text C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00AE03FC
.text C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00AE01F8
.text C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00BE0A08
.text C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00BE0804
.text C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00BE03FC
.text C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00BE01F8
.text C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00BE0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00BC03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00BC01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00C00A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00C00804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00C003FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00C001F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00C00600
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00240A08
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00240804
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002403FC
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002401F8
.text C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00240600
.text C:\WINDOWS\system32\svchost.exe[3340] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 011003FC
.text C:\WINDOWS\system32\svchost.exe[3340] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 011001F8
.text C:\WINDOWS\system32\svchost.exe[3340] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00B103FC
.text C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00B101F8
.text C:\WINDOWS\system32\svchost.exe[3412] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3412] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00B30A08
.text C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00B30804
.text C:\WINDOWS\system32\svchost.exe[3412] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00B303FC
.text C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00B301F8
.text C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00B30600
.text C:\Windows\System32\WUDFHost.exe[3492] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 001503FC
.text C:\Windows\System32\WUDFHost.exe[3492] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 001501F8
.text C:\Windows\System32\WUDFHost.exe[3492] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00190A08
.text C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00190804
.text C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 001903FC
.text C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 001901F8
.text C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00190600
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00240A08
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00240804
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002403FC
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002401F8
.text C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00240600
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 004703FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 004701F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 004A0A08
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 004A0804
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 004A03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 004A01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 004A0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00C003FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 5BF6F140 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!InterlockedExchange + 11 76A0153B 7 Bytes JMP 5C58FDF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!GetStdHandle + C 76A01B37 7 Bytes JMP 5C58FDD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!CreateProcessW + 69 76A04798 7 Bytes JMP 5BF72942 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00C10A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00C10804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00C103FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00C101F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00C10600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3860] GDI32.dll!SetWindowOrgEx + 3C7 74A68C9D 7 Bytes JMP 5C58FD53 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00330A08
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00330804
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 003303FC
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 003301F8
.text C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00330600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 006B03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 006B01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 006F0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 006F0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 006F03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 006F01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 006F0600
.text C:\Program Files\Apoint2K\Apoint.exe[4252] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 003003FC
.text C:\Program Files\Apoint2K\Apoint.exe[4252] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 003001F8
.text C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00320A08
.text C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00320804
.text C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 003203FC
.text C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 003201F8
.text C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00320600
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002103FC
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002101F8
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00230A08
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00230804
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002303FC
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002301F8
.text C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00230600
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 004A0A08
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 004A0804
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 004A03FC
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 004A01F8
.text C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 004A0600
.text C:\WINDOWS\system32\ctfmon.exe[4312] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00A803FC
.text C:\WINDOWS\system32\ctfmon.exe[4312] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00A801F8
.text C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00AA0A08
.text C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00AA0804
.text C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00AA03FC
.text C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00AA01F8
.text C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00AA0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4320] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00B303FC
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00B301F8
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00B60A08
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00B60804
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00B603FC
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00B601F8
.text C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00B60600
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 005603FC
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 005601F8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 005A0A08
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 005A0804
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 005A03FC
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 005A01F8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 005A0600
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] C:\WINDOWS\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!NtProtectVirtualMemory 76F55940 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 001803FC
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 001801F8
? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch; unknown module: 0.dllunknown module: cryptnet.dllunknown module: 0.dllunknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 001E0A08
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UserClientDllInitialize + 311 74DBC3EC 4 Bytes [F0, 28, 8F, 69]
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 001E0804
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 001E03FC
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 001E01F8
.text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 001E0600
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00220A08
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00220804
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002203FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002201F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00220600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00CA03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00CA01F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00CC0A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00CC0804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00CC03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00CC01F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00CC0600
.text C:\Program Files\Apoint2K\Apntex.exe[4740] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\Apoint2K\Apntex.exe[4740] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00220A08
.text C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00220804
.text C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002203FC
.text C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002201F8
.text C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00220600
.text C:\WINDOWS\system32\conhost.exe[4768] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 00D703FC
.text C:\WINDOWS\system32\conhost.exe[4768] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 00D701F8
.text C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00D90A08
.text C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00D90804
.text C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 00D903FC
.text C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 00D901F8
.text C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00D90600
.text C:\Users\Lib!\Desktop\gmer_2.1.19163.exe[4816] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Apoint2K\HidFind.exe[4884] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002003FC
.text C:\Program Files\Apoint2K\HidFind.exe[4884] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002001F8
.text C:\Program Files\Apoint2K\HidFind.exe[4884] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00220A08
.text C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00220804
.text C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 002203FC
.text C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 002201F8
.text C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00220600
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 002103FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 002101F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 00390A08
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 00390804
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 003903FC
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 003901F8
.text C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 00390600
.text C:\Windows\System32\RuntimeBroker.exe[5104] ntdll.dll!LdrUnloadDll 76F62029 5 Bytes JMP 009903FC
.text C:\Windows\System32\RuntimeBroker.exe[5104] ntdll.dll!LdrLoadDll 76F75D29 5 Bytes JMP 009901F8
.text C:\Windows\System32\RuntimeBroker.exe[5104] KERNEL32.dll!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
.text C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!UnhookWindowsHookEx 74DBA37A 5 Bytes JMP 009C0A08
.text C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWindowsHookExW 74DBF223 5 Bytes JMP 009C0804
.text C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!UnhookWinEvent 74DBFE7F 5 Bytes JMP 009C03FC
.text C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWinEventHook 74DC938E 5 Bytes JMP 009C01F8
.text C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWindowsHookExA 74DD6F76 5 Bytes JMP 009C0600
.text C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe[5288] KERNEL32.DLL!GetBinaryTypeW + 6F 76A1DDE0 1 Byte [62]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat cbfs4.sys (Callback File System Driver/EldoS Corporation)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1136276321
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
ATTFilter C:\Users\Lib!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IMQ7W51\pack[1].7z Variante von Win32/bProtector.A Anwendung
C:\Users\Lib!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRBR2828\wajam_install[1].exe Win32/Wajam.A Anwendung
C:\Users\Lib!\AppData\Local\Temp\WEM5e3Is.exe.part Variante von Win32/InstallCore.CN Anwendung
C:\Users\Lib!\AppData\Local\Temp\16561674.Uninstall\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\16588241.Uninstall\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\16631079.Uninstall\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\3132765.Uninstall\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\5112230.Uninstall\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BabMaint.exe Win32/Toolbar.Babylon.I Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\ccp.exe Win32/Toolbar.Babylon.M Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\IEHelper.dll Win32/Toolbar.Babylon.E Anwendung
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823777_stp\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\Downloads\icq8_setup_8.0b6019 - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.A Anwendung
D:\Down\CrystalDiskInfo5_0_2-en.exe Win32/OpenCandy Anwendung
D:\Down\SoftonicDownloader_fuer_unlocker.exe Win32/SoftonicDownloader.E Anwendung
D:\Down\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy Anwendung
D:\Down\winamp5623_full_emusic-7plus_de-de.exe Win32/OpenCandy Anwendung
D:\Down\winamp563_full_emusic-7plus_de-de.exe Win32/OpenCandy Anwendung
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.17.07 Windows 8 x86 NTFS Internet Explorer 10.0.9200.16688 Lib! :: LIB-PC [Administrator] 17.09.2013 15:57:48 mbam-log-2013-09-17 (15-57-48).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 217202 Laufzeit: 9 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Lib!\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Roaming\BABSOLUTION (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Roaming\BABSOLUTION\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 19 C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. C:\Users\Lib!\AppData\Local\Temp\ZKRge08m.exe.part (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt. C:\Users\Lib!\AppData\Local\Temp\WEM5e3Is.exe.part (PUP.Optional.Installcore) -> Keine Aktion durchgeführt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\is357113909\1823681_stp.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\is357113909\1823334_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\is357113909\1823419_stp\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Temp\is357113909\1823565_stp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\Downloads\ZipOpenerSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_EOONCJEJNPPFJJKLAPAAMHCDMJBILMDE_0.LOCALSTORAGE (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lib!\AppData\Roaming\BABSOLUTION\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
