Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Jede Woche min. ein Fund bei Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.10.2013, 19:01   #1
nowak555
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware



Hallo liebe Helfer,

ich habe seit ungefähr 3 Wochen mind. ein Fund bei Anti-Malware.
Gerade eben hat sich der PC heruntergefahren. Ein blaues Bildschirm ist aufgegangen mit Windows delect...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Gerald at 2013-10-17 19:18:51
Running from C:\Users\Gerald\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
AAVUpdateManager (x32 Version: 18.00.0000)
Acer Arcade Deluxe (x32 Version: 4.0.7501)
Acer Arcade Movie (x32 Version: 9.0.6302)
Acer Backup Manager (x32 Version: 2.0.0.60)
Acer Crystal Eye webcam (x32 Version: 1.0.2.0)
Acer eRecovery Management (x32 Version: 4.05.3007)
Acer GameZone Console (x32 Version: 6.1.0.2)
Acer PowerSmart Manager (x32 Version: 5.01.3002)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0120.2010)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Advanced System Protector (x32 Version: 2.1.1000.12150)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Amazonia (x32)
Anno 1602 (x32)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.24)
Avira Free Antivirus (x32 Version: 14.0.0.383)
B110 (x32 Version: 140.0.283.000)
Backup Manager Basic (x32 Version: 2.0.0.60)
Bonanza Deals (remove only) (x32 Version: 5.0.1.0)
BufferChm (x32 Version: 140.0.212.000)
Cake Mania (x32)
CCleaner (Version: 4.00)
Chicken Invaders 2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Dairy Dash (x32)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DHTML Editing Component (x32 Version: 6.02.0001)
Doko Chrome Toolbar (x32)
Doko toolbar (x32 Version: 1.8.26.9)
Dream Day First Home (x32)
ElsterFormular (x32 Version: 14.4.12044)
ESET Online Scanner v3 (x32)
eSobi v2 (x32 Version: 2.0.4.000274)
Farm Frenzy 2 (x32)
Free Audio CD Burner version 1.4 (x32)
Free Audio Converter version 5.0.6.221 (x32 Version: 5.0.6.221)
Free YouTube to MP3 Converter version 3.11.32.918 (x32 Version: 3.11.32.918)
FUSSBALL MANAGER 12 (x32 Version: 1.0.0.3)
Galapago (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.153)
Granny In Paradise (x32)
Haali Media Splitter (x32)
Heroes of Hellas (x32)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 26.0.784.0)
HP Officejet 4620 series Hilfe (x32 Version: 6.0.0)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Update (x32 Version: 5.003.000.004)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPSSupply (x32 Version: 140.0.211.000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Junk Mail filter update (x32 Version: 14.0.8089.726)
jZip (HKCU Version: 2.0.0.131826)
Launch Manager (x32 Version: 4.0.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MyPC Backup (Version: )
MyWinLocker (x32 Version: 3.1.206.0)
MyWinLocker Suite (x32 Version: 3.1.206.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Online Backup (x32 Version: 1.2.0.36)
NTI Backup Now 5 (x32 Version: 5.1.2.628)
NTI Backup Now Standard (x32 Version: 5.1.2.628)
NTI Media Maker 8 (x32 Version: 8.0.12.6630)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Open It! (x32 Version: 1.1.1)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Optical Drive Power Management (x32 Version: 1.01.3006)
PC Connectivity Solution (x32 Version: 10.33.1.0)
Picasa 3 (x32 Version: 3.8)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000)
QuickTransfer (x32 Version: 140.0.98.000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6039)
RegClean Pro (x32 Version: 6.21)
Scan (x32 Version: 140.0.80.000)
Search-Results Toolbar (x32 Version: 1.2.0.0)
Shop for HP Supplies (Version: 14.0)
Shredder (Version: 2.0.5.0)
Shredder (x32 Version: 2.0.5.0)
SmartWebPrinting (x32 Version: 140.0.186.000)
Spin & Win (x32)
Status (x32 Version: 140.0.256.000)
Supreme Auction (x32)
Synaptics Pointing Device Driver (Version: 15.0.7.0)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Zip Extractor (HKCU)
WebReg (x32 Version: 140.0.212.017)
Welcome Center (x32 Version: 1.00.3013)
Whilokii 1.0.0 (Version: 1.0.0)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)

==================== Restore Points =========================

01-08-2013 15:23:38 Removed HP Update.
16-08-2013 11:15:33 Windows Update
12-09-2013 14:49:22 Windows Update
12-09-2013 15:15:13 Windows Update
17-09-2013 16:47:02 Windows Update
12-10-2013 09:16:03 Windows Update
13-10-2013 10:59:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-04-13 20:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {172D42D0-81CD-49F1-BFF5-18ACA8AAA2CD} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-17] (BonanzaDeals)
Task: {1DABE84F-0DEB-43A4-9AE2-127B99221E08} - System32\Tasks\DigitalSite => C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {2590580D-ABCF-496C-80A2-078490342034} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-10-04] (Systweak)
Task: {3A035F59-5A05-4D96-BF64-A5B2843BA8CF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3324678813-3512244677-2871082155-1001
Task: {49A87288-BC17-4280-8281-BE57408ECFC7} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc)
Task: {4BE27570-7694-41B5-9EF8-D6AFF8835501} - System32\Tasks\EPUpdater => C:\Users\Gerald\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-09-01] ()
Task: {4C65A7D4-90D9-45A2-9A19-CB9342BC2758} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {53C563FB-2AAA-43D9-83C2-BED0AA0D67EC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {8AD13DF0-E10C-4448-B7FF-CBEF65573C48} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc)
Task: {AE033C09-7005-4E4D-B732-CC0EF2894778} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-17] (BonanzaDeals)
Task: {B3FEA6ED-A22C-446D-8E4E-2C53FC4C17CB} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2012-09-17] (Systweak Inc )
Task: {C0256383-7888-4F45-8774-281E9437D93F} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {C20F7415-AFD3-4DAB-8024-E96213207EDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.)
Task: {D9AEAA6E-3EE8-473F-A1EC-214E10A14F39} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc)
Task: {E449CD40-3AFE-4A3E-8E6F-BD2299EFF612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.)
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Gerald\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe

==================== Loaded Modules (whitelisted) =============

2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-04-15 23:09 - 2013-04-15 23:04 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-03-09 03:18 - 2010-03-09 03:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 03:13 - 2010-03-09 03:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-03-12 05:44 - 2009-12-24 03:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-03-15 12:28 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-10-17 19:11 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2013-10-17 19:11 - 2013-10-04 18:20 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2013-10-17 19:11 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\Advanced System Protector\UNRAR.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2013 07:07:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, Zeitstempel: 0x4ee1398a
Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0, Zeitstempel: 0x4ee138a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0033312a
ID des fehlerhaften Prozesses: 0x9a8
Startzeit der fehlerhaften Anwendung: 0xManager12.exe0
Pfad der fehlerhaften Anwendung: Manager12.exe1
Pfad des fehlerhaften Moduls: Manager12.exe2
Berichtskennung: Manager12.exe3

Error: (10/13/2013 08:19:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: hpqddcmn.dll, Version: 140.0.212.0, Zeitstempel: 0x4b03e56c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000edf7
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (10/05/2013 06:26:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x10ec
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/28/2013 05:40:29 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x9c4
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/27/2013 03:15:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x109c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/26/2013 06:17:43 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16506 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12b8

Startzeit: 01cebad3cd5ce893

Endzeit: 63

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (09/23/2013 08:30:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x104c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/18/2013 08:06:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: hpqddcmn.dll, Version: 140.0.212.0, Zeitstempel: 0x4b03e56c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000edf7
ID des fehlerhaften Prozesses: 0x7dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (09/18/2013 08:05:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/12/2013 07:00:02 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1acc

Startzeit: 01ceafd963761a1a

Endzeit: 10

Anwendungspfad: C:\Windows\Explorer.exe

Berichts-ID: c1b0270e-1bcc-11e3-9adb-c80aa950cd05


System errors:
=============
Error: (10/17/2013 06:09:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/16/2013 03:00:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/15/2013 05:31:20 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (10/15/2013 04:14:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/15/2013 04:14:20 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (10/15/2013 04:14:19 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (10/15/2013 04:13:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/15/2013 04:13:50 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (10/15/2013 04:13:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/14/2013 07:02:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-04-13 20:05:40.205
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-04-13 20:05:40.142
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-04-07 12:14:20.961
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-07 12:14:08.826
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-07 12:13:47.560
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-06 19:45:49.414
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 14:38:37.959
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-02 20:34:50.339
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-10-18 17:47:12.711
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-08-05 09:57:46.355
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 4030.77 MB
Available physical RAM: 1874.43 MB
Total Pagefile: 8059.71 MB
Available Pagefile: 5512.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:508.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 8C00A8E0)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS)

==================== End Of Log ============================

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:14 on 17/10/2013 (Gerald)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Gerald (administrator) on GERALD-PC on 17-10-2013 19:17:10
Running from C:\Users\Gerald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-10] (Acer Incorporated)
HKLM-x32\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKCU\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii)
BHO-x32: dokotoolbar Helper Object - {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll (Doko-Toolbar)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - dokotoolbar Toolbar - {339E1B37-76D3-4A64-A988-E81425DF831C} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll (Doko-Toolbar)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BonanzaDeals) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Gerald\AppData\Roaming\BabSolution\CR\Doko.crx

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-10] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-17 19:11 - 2013-10-17 19:16 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-17 19:11 - 2013-10-17 19:16 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-17 19:11 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 13:07 - 2013-10-13 13:08 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:54 - 2013-10-17 19:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-13 12:53 - 2013-10-17 19:11 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-13 12:53 - 2013-10-17 19:11 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-13 12:53 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite
2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-13 10:40 - 2013-10-13 10:42 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 11:27 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 11:27 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 11:27 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 11:27 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 11:27 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 11:27 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-12 11:27 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 11:27 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 11:27 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 11:27 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 11:27 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 11:27 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-12 11:27 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 11:27 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-12 11:27 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 13:42 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 13:42 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 13:42 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 13:42 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 13:42 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 13:42 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 13:42 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 13:42 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 13:42 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 13:42 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 13:42 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 13:42 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 13:42 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 13:42 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 13:42 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\꣞뾄聤œ
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung

==================== One Month Modified Files and Folders =======

2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:16 - 2013-10-17 19:11 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-17 19:16 - 2013-10-17 19:11 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:14 - 2010-08-19 19:33 - 00000000 ____D C:\Users\Gerald
2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-17 19:12 - 2013-10-13 12:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-17 19:12 - 2010-08-19 19:35 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-17 19:11 - 2013-10-13 12:53 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-17 19:11 - 2013-10-13 12:53 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-17 19:11 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-17 19:11 - 2012-07-08 23:02 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Systweak
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite
2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-17 18:53 - 2010-03-31 01:26 - 02050654 _____ C:\Windows\WindowsUpdate.log
2013-10-17 18:25 - 2010-08-19 19:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 18:12 - 2009-07-14 04:34 - 00000545 _____ C:\Windows\win.ini
2013-10-17 18:09 - 2013-04-13 18:26 - 00013518 _____ C:\Windows\setupact.log
2013-10-17 18:09 - 2010-08-19 19:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 18:09 - 2010-03-31 01:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-17 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 19:02 - 2013-04-13 18:26 - 00025626 _____ C:\Windows\PFRO.log
2013-10-14 16:26 - 2013-05-31 07:04 - 00001093 _____ C:\Users\Gerald\Desktop\Rechnungsverwalter.lnk
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 15:08 - 2013-05-30 19:10 - 00000000 ___RD C:\Users\Gerald\Documents\LR
2013-10-13 15:06 - 2012-02-09 23:04 - 00000000 ____D C:\Users\Gerald\Documents\Texte
2013-10-13 13:08 - 2013-10-13 13:07 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:53 - 2010-08-19 19:38 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google
2013-10-13 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-13 11:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-13 10:42 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:40 - 2010-08-19 21:51 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Mozilla
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 20:29 - 2009-07-14 06:45 - 00368512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 11:30 - 2010-03-12 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 11:24 - 2010-03-31 11:17 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-12 11:24 - 2010-03-31 11:17 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-12 11:24 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 11:23 - 2013-08-16 13:20 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 11:19 - 2011-03-17 17:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 12:01 - 2013-05-07 17:49 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\꣞뾄聤œ
2013-09-30 18:50 - 2013-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 18:48 - 2013-05-10 17:23 - 00000000 ____D C:\Users\Gerald\AppData\Local\.elfohilfe
2013-09-26 18:13 - 2013-04-13 19:16 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
2013-09-22 17:43 - 2013-10-12 11:27 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:01 - 2013-10-12 11:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:42 - 2013-10-12 11:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:36 - 2013-10-12 11:27 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:33 - 2013-10-12 11:27 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 16:33 - 2013-10-12 11:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:30 - 2013-10-12 11:27 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 16:27 - 2013-10-12 11:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 16:23 - 2013-10-12 11:27 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 16:22 - 2013-10-12 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:21 - 2013-10-12 11:27 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 16:16 - 2013-10-12 11:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 16:15 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 16:07 - 2013-10-12 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 12:29 - 2013-10-12 11:27 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 12:14 - 2013-10-12 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-22 12:13 - 2013-10-12 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 12:13 - 2013-10-12 11:27 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 12:12 - 2013-10-12 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-22 12:09 - 2013-10-12 11:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 12:08 - 2013-10-12 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-22 12:07 - 2013-10-12 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 12:06 - 2013-10-12 11:27 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-22 12:05 - 2013-10-12 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-22 12:03 - 2013-10-12 11:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-22 11:59 - 2013-10-12 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\Gerald\AppData\Local\Temp\AskSLib.dll
C:\Users\Gerald\AppData\Local\Temp\avgnt.exe
C:\Users\Gerald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gerald\AppData\Local\Temp\uninst1.exe
C:\Users\Gerald\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-13 16:04

==================== End Of Log ============================

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-17 19:36:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gerald\AppData\Local\Temp\uwdiapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800035b6000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800035b602f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075872da4 5 bytes JMP 000000016a6f9ed4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007588cbf3 5 bytes JMP 000000016a849186
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007588cfca 5 bytes JMP 000000016a65189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000758acb0c 5 bytes JMP 000000016a849121
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000758ace64 5 bytes JMP 000000016a8491eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000758bfbd1 5 bytes JMP 000000016a8490a8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000758bfc9d 5 bytes JMP 000000016a84902f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000758bfcd6 5 bytes JMP 000000016a848fcb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000758bfcfa 5 bytes JMP 000000016a848f67
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c293ec 5 bytes JMP 000000016a8493a0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007221388e 5 bytes JMP 000000016a849250
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000722b7922 5 bytes JMP 000000016a8492f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077462694 1 byte JMP 000000016a849598
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW + 2 0000000077462696 3 bytes {JMP 0xfffffffff33e6f04}
? C:\Windows\system32\mssprxy.dll [8236] entry point in ".rdata" section 00000000733971e6
.text C:\Program Files (x86)\Whilokii\updateWhilokii.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\Whilokii\updateWhilokii.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df261d 6 bytes JMP 000000016a718054
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02ad3 6 bytes JMP 000000016a6b980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075513475 5 bytes JMP 000000016a6b75e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 000000016a7203df
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007586d22e 5 bytes JMP 000000016a6c3643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007587291f 5 bytes JMP 000000016a69ddb3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075872da4 5 bytes JMP 000000016a6f9ed4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075876285 5 bytes JMP 000000016a717ff1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 5 bytes JMP 000000016a6f25cc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007587b029 5 bytes JMP 000000016a849528
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007587c63e 5 bytes JMP 000000016a849560
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000758850ed 5 bytes JMP 000000016a849c22
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075885246 5 bytes JMP 000000016a8494b8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!EndDialog 000000007588b99c 5 bytes JMP 000000016a849ef6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007588c701 5 bytes JMP 000000016a849c4a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007588cbf3 5 bytes JMP 000000016a849186
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007588cfca 5 bytes JMP 000000016a65189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007588eb96 5 bytes JMP 000000016a69dedd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007588f52b 5 bytes JMP 000000016a73ed14
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SendInput 000000007588ff4a 5 bytes JMP 000000016a84a4b9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000758910dc 5 bytes JMP 000000016a8494f0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000758914b2 5 bytes JMP 000000016a84a511
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000758a9cfd 5 bytes JMP 000000016a84a592
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000758acb0c 5 bytes JMP 000000016a849121
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000758ace64 5 bytes JMP 000000016a8491eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000758bfbd1 5 bytes JMP 000000016a8490a8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000758bfc9d 5 bytes JMP 000000016a84902f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000758bfcd6 5 bytes JMP 000000016a848fcb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000758bfcfa 5 bytes JMP 000000016a848f67
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758c02bf 5 bytes JMP 000000016a84a476
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075e86143 5 bytes JMP 000000016a849954
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bc3e59 5 bytes JMP 000000016a849a4c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bc3eae 5 bytes JMP 000000016a849aca
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bc4731 5 bytes JMP 000000016a8499be
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bc5dee 5 bytes JMP 000000016a849a6a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c293ec 5 bytes JMP 000000016a8493a0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007221388e 5 bytes JMP 000000016a849250
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000722b7922 5 bytes JMP 000000016a8492f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000774533a3 5 bytes JMP 000000016a84963c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077462694 1 byte JMP 000000016a849598
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW + 2 0000000077462696 3 bytes {JMP 0xfffffffff33e6f04}
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007746e8ff 5 bytes JMP 000000016a849708
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df261d 6 bytes JMP 000000016a718054
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02ad3 6 bytes JMP 000000016a6b980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075513475 5 bytes JMP 000000016a6b75e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 000000016a7203df
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007586d22e 5 bytes JMP 000000016a6c3643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007587291f 5 bytes JMP 000000016a69ddb3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075872da4 5 bytes JMP 000000016a6f9ed4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075876285 5 bytes JMP 000000016a717ff1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 5 bytes JMP 000000016a6f25cc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007587b029 5 bytes JMP 000000016a849528
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007587c63e 5 bytes JMP 000000016a849560
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000758850ed 5 bytes JMP 000000016a849c22
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075885246 5 bytes JMP 000000016a8494b8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!EndDialog 000000007588b99c 5 bytes JMP 000000016a849ef6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007588c701 5 bytes JMP 000000016a849c4a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007588cbf3 5 bytes JMP 000000016a849186
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007588cfca 5 bytes JMP 000000016a65189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007588eb96 5 bytes JMP 000000016a69dedd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007588f52b 5 bytes JMP 000000016a73ed14
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SendInput 000000007588ff4a 5 bytes JMP 000000016a84a4b9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000758910dc 5 bytes JMP 000000016a8494f0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000758914b2 5 bytes JMP 000000016a84a511
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000758a9cfd 5 bytes JMP 000000016a84a592
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000758acb0c 5 bytes JMP 000000016a849121
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000758ace64 5 bytes JMP 000000016a8491eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000758bfbd1 5 bytes JMP 000000016a8490a8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000758bfc9d 5 bytes JMP 000000016a84902f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000758bfcd6 5 bytes JMP 000000016a848fcb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000758bfcfa 5 bytes JMP 000000016a848f67
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758c02bf 5 bytes JMP 000000016a84a476
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075e86143 5 bytes JMP 000000016a849954
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bc3e59 5 bytes JMP 000000016a849a4c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bc3eae 5 bytes JMP 000000016a849aca
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bc4731 5 bytes JMP 000000016a8499be
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bc5dee 5 bytes JMP 000000016a849a6a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c293ec 5 bytes JMP 000000016a8493a0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007221388e 5 bytes JMP 000000016a849250
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000722b7922 5 bytes JMP 000000016a8492f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000774533a3 5 bytes JMP 000000016a84963c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077462694 1 byte JMP 000000016a849598
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW + 2 0000000077462696 3 bytes {JMP 0xfffffffff33e6f04}
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007746e8ff 5 bytes JMP 000000016a849708
.text C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe[6536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75]
.text C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe[6536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75]
.text ... * 2

---- EOF - GMER 2.1 ----

Alt 17.10.2013, 19:01   #2
nowak555
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Gerald (administrator) on GERALD-PC on 17-10-2013 19:17:10
Running from C:\Users\Gerald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-10] (Acer Incorporated)
HKLM-x32\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKCU\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Doko Search
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii)
BHO-x32: dokotoolbar Helper Object - {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll (Doko-Toolbar)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - dokotoolbar Toolbar - {339E1B37-76D3-4A64-A988-E81425DF831C} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll (Doko-Toolbar)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BonanzaDeals) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Gerald\AppData\Roaming\BabSolution\CR\Doko.crx

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-10] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-17 19:11 - 2013-10-17 19:16 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-17 19:11 - 2013-10-17 19:16 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-17 19:11 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 13:07 - 2013-10-13 13:08 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:54 - 2013-10-17 19:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-13 12:53 - 2013-10-17 19:11 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-13 12:53 - 2013-10-17 19:11 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-13 12:53 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite
2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-13 10:40 - 2013-10-13 10:42 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 11:27 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 11:27 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 11:27 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 11:27 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 11:27 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 11:27 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-12 11:27 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 11:27 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 11:27 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 11:27 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 11:27 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 11:27 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-12 11:27 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 11:27 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-12 11:27 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 13:42 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 13:42 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 13:42 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 13:42 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 13:42 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 13:42 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 13:42 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 13:42 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 13:42 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 13:42 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 13:42 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 13:42 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 13:42 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 13:42 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 13:42 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\꣞뾄聤œ
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung

==================== One Month Modified Files and Folders =======

2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:16 - 2013-10-17 19:11 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-17 19:16 - 2013-10-17 19:11 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:14 - 2010-08-19 19:33 - 00000000 ____D C:\Users\Gerald
2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-17 19:12 - 2013-10-13 12:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-17 19:12 - 2010-08-19 19:35 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-17 19:11 - 2013-10-13 12:53 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-17 19:11 - 2013-10-13 12:53 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-17 19:11 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-17 19:11 - 2012-07-08 23:02 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Systweak
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite
2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-17 18:53 - 2010-03-31 01:26 - 02050654 _____ C:\Windows\WindowsUpdate.log
2013-10-17 18:25 - 2010-08-19 19:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 18:12 - 2009-07-14 04:34 - 00000545 _____ C:\Windows\win.ini
2013-10-17 18:09 - 2013-04-13 18:26 - 00013518 _____ C:\Windows\setupact.log
2013-10-17 18:09 - 2010-08-19 19:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 18:09 - 2010-03-31 01:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-17 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 19:02 - 2013-04-13 18:26 - 00025626 _____ C:\Windows\PFRO.log
2013-10-14 16:26 - 2013-05-31 07:04 - 00001093 _____ C:\Users\Gerald\Desktop\Rechnungsverwalter.lnk
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 15:08 - 2013-05-30 19:10 - 00000000 ___RD C:\Users\Gerald\Documents\LR
2013-10-13 15:06 - 2012-02-09 23:04 - 00000000 ____D C:\Users\Gerald\Documents\Texte
2013-10-13 13:08 - 2013-10-13 13:07 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:53 - 2010-08-19 19:38 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google
2013-10-13 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-13 11:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-13 10:42 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:40 - 2010-08-19 21:51 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Mozilla
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 20:29 - 2009-07-14 06:45 - 00368512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 11:30 - 2010-03-12 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 11:24 - 2010-03-31 11:17 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-12 11:24 - 2010-03-31 11:17 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-12 11:24 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 11:23 - 2013-08-16 13:20 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 11:19 - 2011-03-17 17:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 12:01 - 2013-05-07 17:49 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\꣞뾄聤œ
2013-09-30 18:50 - 2013-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 18:48 - 2013-05-10 17:23 - 00000000 ____D C:\Users\Gerald\AppData\Local\.elfohilfe
2013-09-26 18:13 - 2013-04-13 19:16 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
2013-09-22 17:43 - 2013-10-12 11:27 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:01 - 2013-10-12 11:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:42 - 2013-10-12 11:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:36 - 2013-10-12 11:27 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:33 - 2013-10-12 11:27 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 16:33 - 2013-10-12 11:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:30 - 2013-10-12 11:27 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 16:27 - 2013-10-12 11:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 16:23 - 2013-10-12 11:27 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 16:22 - 2013-10-12 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:21 - 2013-10-12 11:27 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 16:16 - 2013-10-12 11:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 16:15 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 16:07 - 2013-10-12 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 12:29 - 2013-10-12 11:27 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 12:14 - 2013-10-12 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-22 12:13 - 2013-10-12 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 12:13 - 2013-10-12 11:27 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 12:12 - 2013-10-12 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-22 12:09 - 2013-10-12 11:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 12:08 - 2013-10-12 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-22 12:07 - 2013-10-12 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 12:06 - 2013-10-12 11:27 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-22 12:05 - 2013-10-12 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-22 12:03 - 2013-10-12 11:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-22 11:59 - 2013-10-12 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\Gerald\AppData\Local\Temp\AskSLib.dll
C:\Users\Gerald\AppData\Local\Temp\avgnt.exe
C:\Users\Gerald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gerald\AppData\Local\Temp\uninst1.exe
C:\Users\Gerald\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-13 16:04

==================== End Of Log ============================
         
--- --- ---
__________________


Alt 17.10.2013, 19:54   #3
aharonov
/// TB-Ausbilder
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware



Hallo,

Zitat:
ich habe seit ungefähr 3 Wochen mind. ein Fund bei Anti-Malware.
Was für einen Fund meinst du? => http://www.trojaner-board.de/125889-...en-posten.html


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    Advanced System Protector
    Bonanza Deals
    Doko Chrome Toolbar
    Doko toolbar
    MyPC Backup
    Open It!
    RegClean Pro
    Search-Results Toolbar
    Update for Zip Extractor
    Whilokii 1.0.0
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von FRST
__________________
__________________

Alt 17.10.2013, 20:18   #4
nowak555
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.008 - Bericht erstellt am 17/10/2013 um 21:06:18
# Updated 17/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gerald - GERALD-PC
# Gestartet von : C:\Users\Gerald\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\jZip
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup 
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\jZip
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Gerald\AppData\LocalLow\jziptoolbargaw
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\8e8bd9b03cba12
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-clipfinder-hd_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-clipfinder-hd_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mcafee-labs-stinger_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mcafee-labs-stinger_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Blabbers       
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\jZip
Schlüssel Gelöscht : HKCU\Software\jziptoolbargaw
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\jZip
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16514


*************************

AdwCleaner[R0].txt - [5359 octets] - [17/10/2013 21:03:22]
AdwCleaner[S0].txt - [4714 octets] - [17/10/2013 21:06:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4774 octets] ##########
         
--- --- ---
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Gerald (administrator) on GERALD-PC on 17-10-2013 21:11:05
Running from C:\Users\Gerald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-10] (Acer Incorporated)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-10] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 21:02 - 2013-10-17 21:06 - 00000000 ____D C:\AdwCleaner
2013-10-17 21:02 - 2013-10-17 21:02 - 01050644 _____ C:\Users\Gerald\Desktop\adwcleaner.exe
2013-10-17 20:10 - 2013-10-17 20:10 - 00000098 _____ C:\Users\Gerald\AppData\Roaming\WB.CFG
2013-10-17 20:10 - 2013-10-17 20:10 - 00000006 _____ C:\Users\Gerald\AppData\Roaming\WBPU-TTL.DAT
2013-10-17 19:55 - 2013-10-17 19:55 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-10-17 19:45 - 2013-10-17 19:46 - 00292288 _____ C:\Windows\Minidump\101713-37596-01.dmp
2013-10-17 19:36 - 2013-10-17 19:36 - 00034688 _____ C:\Users\Gerald\Desktop\gmer.log
2013-10-17 19:18 - 2013-10-17 19:19 - 00028968 _____ C:\Users\Gerald\Desktop\Addition.txt
2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 13:07 - 2013-10-13 13:08 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 10:40 - 2013-10-13 10:42 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 11:27 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 11:27 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 11:27 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 11:27 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 11:27 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 11:27 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-12 11:27 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 11:27 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 11:27 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 11:27 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 11:27 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 11:27 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-12 11:27 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 11:27 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-12 11:27 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 13:42 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 13:42 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 13:42 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 13:42 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 13:42 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 13:42 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 13:42 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 13:42 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 13:42 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 13:42 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 13:42 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 13:42 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 13:42 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 13:42 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 13:42 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\꣞뾄聤œ
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung

==================== One Month Modified Files and Folders =======

2013-10-17 21:10 - 2009-07-14 04:34 - 00000545 _____ C:\Windows\win.ini
2013-10-17 21:07 - 2013-04-13 18:26 - 00013686 _____ C:\Windows\setupact.log
2013-10-17 21:07 - 2010-08-19 19:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 21:07 - 2010-03-31 01:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-17 21:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-17 21:06 - 2013-10-17 21:02 - 00000000 ____D C:\AdwCleaner
2013-10-17 21:06 - 2013-03-31 21:05 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-17 21:06 - 2010-03-31 01:26 - 02074338 _____ C:\Windows\WindowsUpdate.log
2013-10-17 21:06 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 21:06 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 21:02 - 2013-10-17 21:02 - 01050644 _____ C:\Users\Gerald\Desktop\adwcleaner.exe
2013-10-17 20:59 - 2013-04-13 18:26 - 00026900 _____ C:\Windows\PFRO.log
2013-10-17 20:25 - 2010-08-19 19:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-17 20:10 - 2013-10-17 20:10 - 00000098 _____ C:\Users\Gerald\AppData\Roaming\WB.CFG
2013-10-17 20:10 - 2013-10-17 20:10 - 00000006 _____ C:\Users\Gerald\AppData\Roaming\WBPU-TTL.DAT
2013-10-17 20:04 - 2010-08-19 19:35 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 19:55 - 2013-10-17 19:55 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-10-17 19:46 - 2013-10-17 19:45 - 00292288 _____ C:\Windows\Minidump\101713-37596-01.dmp
2013-10-17 19:45 - 2013-08-15 20:43 - 541789891 _____ C:\Windows\MEMORY.DMP
2013-10-17 19:45 - 2010-11-17 12:54 - 00000000 ____D C:\Windows\Minidump
2013-10-17 19:36 - 2013-10-17 19:36 - 00034688 _____ C:\Users\Gerald\Desktop\gmer.log
2013-10-17 19:19 - 2013-10-17 19:18 - 00028968 _____ C:\Users\Gerald\Desktop\Addition.txt
2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:14 - 2010-08-19 19:33 - 00000000 ____D C:\Users\Gerald
2013-10-14 16:26 - 2013-05-31 07:04 - 00001093 _____ C:\Users\Gerald\Desktop\Rechnungsverwalter.lnk
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 15:08 - 2013-05-30 19:10 - 00000000 ___RD C:\Users\Gerald\Documents\LR
2013-10-13 15:06 - 2012-02-09 23:04 - 00000000 ____D C:\Users\Gerald\Documents\Texte
2013-10-13 13:08 - 2013-10-13 13:07 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:53 - 2010-08-19 19:38 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google
2013-10-13 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-13 11:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-13 10:42 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:40 - 2010-08-19 21:51 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Mozilla
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 20:29 - 2009-07-14 06:45 - 00368512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 11:30 - 2010-03-12 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 11:24 - 2010-03-31 11:17 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-12 11:24 - 2010-03-31 11:17 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-12 11:24 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 11:23 - 2013-08-16 13:20 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 11:19 - 2011-03-17 17:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 12:01 - 2013-05-07 17:49 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\꣞뾄聤œ
2013-09-30 18:50 - 2013-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 18:48 - 2013-05-10 17:23 - 00000000 ____D C:\Users\Gerald\AppData\Local\.elfohilfe
2013-09-26 18:13 - 2013-04-13 19:16 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
2013-09-22 17:43 - 2013-10-12 11:27 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:01 - 2013-10-12 11:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:42 - 2013-10-12 11:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:36 - 2013-10-12 11:27 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:33 - 2013-10-12 11:27 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 16:33 - 2013-10-12 11:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:30 - 2013-10-12 11:27 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 16:27 - 2013-10-12 11:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 16:23 - 2013-10-12 11:27 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 16:22 - 2013-10-12 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:21 - 2013-10-12 11:27 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 16:16 - 2013-10-12 11:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 16:15 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 16:07 - 2013-10-12 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 12:29 - 2013-10-12 11:27 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 12:14 - 2013-10-12 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-22 12:13 - 2013-10-12 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 12:13 - 2013-10-12 11:27 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 12:12 - 2013-10-12 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-22 12:09 - 2013-10-12 11:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 12:08 - 2013-10-12 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-22 12:07 - 2013-10-12 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 12:06 - 2013-10-12 11:27 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-22 12:05 - 2013-10-12 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-22 12:03 - 2013-10-12 11:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-22 11:59 - 2013-10-12 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\Gerald\AppData\Local\Temp\AskSLib.dll
C:\Users\Gerald\AppData\Local\Temp\avgnt.exe
C:\Users\Gerald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gerald\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerald\AppData\Local\Temp\uninst1.exe
C:\Users\Gerald\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-13 16:04

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.10.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gerald :: GERALD-PC [Administrator]

14.10.2013 17:03:39
mbam-log-2013-10-14 (17-03-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397773
Laufzeit: 1 Stunde(n), 24 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1M1S1N1H2Q1H0B1O1O -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 8
C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4U9NP2J\Allin1Convert.exe (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4Z3UJ4J\ZipExtractorSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\is1590112554\16607019_stp\wajam_validate.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\is1590112554\16607281_stp\rcpsetup_adppi_adppi.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\is1590112554\16607472_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.09.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gerald :: GERALD-PC [Administrator]

26.09.2013 16:48:43
mbam-log-2013-09-26 (16-48-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385927
Laufzeit: 1 Stunde(n), 21 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Users\Gerald\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.08.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gerald :: GERALD-PC [Administrator]

02.08.2013 15:41:53
mbam-log-2013-08-02 (15-41-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402251
Laufzeit: 3 Stunde(n), 57 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Gerald\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Gerald\AppData\Local\Temp\0BB4DC02-BAB0-7891-BD91-7F774E8D2C0E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerald\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 17.10.2013, 20:24   #5
aharonov
/// TB-Ausbilder
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware



Ja da ist immer mal wieder etwas Adware-Mist aufgetaucht...
Ist jetzt nach dem AdwCleaner-Durchlauf wieder alles in Ordnung?

__________________
cheers,
Leo

Alt 17.10.2013, 20:26   #6
nowak555
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware



Der Laptop brauch ganz schön lange zum hochfahren.
Der Aussetzer im Bild war vorhin zum ersten Mal.

Ansonsten bin ich soweit zu frieden.

Alt 22.10.2013, 20:52   #7
aharonov
/// TB-Ausbilder
 
Jede Woche min. ein Fund bei Malware - Standard

Jede Woche min. ein Fund bei Malware



Alles klar. Und ansonsten melde dich nochmals, wenn es noch was zu tun gibt.


Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
cheers,
Leo

Antwort

Themen zu Jede Woche min. ein Fund bei Malware
.com, antivirus, bildschirm, combofix, device driver, error, farbar, farbar recovery scan tool, flash player, helper, iexplore.exe, malware, ntdll.dll, officejet, pup.optional.babylon.a, pup.optional.bonanzadeals.a, pup.optional.browsefox.a, pup.optional.datamngr.a, pup.optional.delta.a, pup.optional.digitalsite.a, pup.optional.funwebproducts.a, pup.optional.iminent.a, pup.optional.installcore, pup.optional.installcore.a, pup.optional.regcleanerpro, pup.optional.regcleanerpro.a, pup.optional.wajam, svchost.exe, system, systweak, vcredist, windows



Ähnliche Themen: Jede Woche min. ein Fund bei Malware


  1. Malwarebytes Anti-Malware Fund: PUP.Optional.Conduit.A
    Plagegeister aller Art und deren Bekämpfung - 02.08.2015 (9)
  2. MyFreeze Malware Fund
    Plagegeister aller Art und deren Bekämpfung - 17.12.2014 (5)
  3. Malware Fund von Maleware Antimalwarebytes
    Log-Analyse und Auswertung - 26.10.2014 (15)
  4. Trojaner-Fund von Anti-Malware nach Blue Screen
    Log-Analyse und Auswertung - 07.07.2014 (9)
  5. Jede Menge Probleme, jede Menge Logs
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (7)
  6. Avira meldet Fund, Malware bestätigt das. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2014 (15)
  7. DealPly Windows Defender-Warnung und Fund von Malware durch Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 15.01.2014 (9)
  8. Windows 8: Malware Fund - ADWARE/InstallCore.Gen + WLAN Probleme
    Plagegeister aller Art und deren Bekämpfung - 21.12.2013 (7)
  9. VirusTotal Fund: PE:Malware.XPACK/RDM!5.1
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (3)
  10. Fund bei Suchlauf mit Malwarebytes Anti-Malware
    Plagegeister aller Art und deren Bekämpfung - 15.12.2013 (15)
  11. Malware Fund Windows 7
    Plagegeister aller Art und deren Bekämpfung - 27.11.2013 (17)
  12. Inkasso Mail mit Zip-Anhang geöffnet, Trojaner Fund mit Malware Bytes
    Log-Analyse und Auswertung - 19.05.2013 (25)
  13. Iminent taucht jede Woche neu auf
    Log-Analyse und Auswertung - 17.04.2013 (11)
  14. Rechner fährt sich selbst herunter! Vorher Malware-Fund!
    Plagegeister aller Art und deren Bekämpfung - 18.12.2010 (1)
  15. Malware Fund
    Log-Analyse und Auswertung - 03.11.2010 (29)
  16. Malware-Fund EXP/Pidief.GL während Online Banking
    Log-Analyse und Auswertung - 12.12.2009 (3)
  17. Malware Fund durch AntiVir
    Log-Analyse und Auswertung - 28.03.2009 (0)

Zum Thema Jede Woche min. ein Fund bei Malware - Hallo liebe Helfer, ich habe seit ungefähr 3 Wochen mind. ein Fund bei Anti-Malware. Gerade eben hat sich der PC heruntergefahren. Ein blaues Bildschirm ist aufgegangen mit Windows delect... Additional - Jede Woche min. ein Fund bei Malware...
Archiv
Du betrachtest: Jede Woche min. ein Fund bei Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.