| |
| |||||||
Log-Analyse und Auswertung: Jede Woche min. ein Fund bei MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.10.2013, 19:01
| #1 |
 |  Jede Woche min. ein Fund bei Malware Hallo liebe Helfer, ich habe seit ungefähr 3 Wochen mind. ein Fund bei Anti-Malware. Gerade eben hat sich der PC heruntergefahren. Ein blaues Bildschirm ist aufgegangen mit Windows delect... Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by Gerald at 2013-10-17 19:18:51 Running from C:\Users\Gerald\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32) 64 Bit HP CIO Components Installer (Version: 7.2.8) AAVUpdateManager (x32 Version: 18.00.0000) Acer Arcade Deluxe (x32 Version: 4.0.7501) Acer Arcade Movie (x32 Version: 9.0.6302) Acer Backup Manager (x32 Version: 2.0.0.60) Acer Crystal Eye webcam (x32 Version: 1.0.2.0) Acer eRecovery Management (x32 Version: 4.05.3007) Acer GameZone Console (x32 Version: 6.1.0.2) Acer PowerSmart Manager (x32 Version: 5.01.3002) Acer Registration (x32 Version: 1.02.3006) Acer ScreenSaver (x32 Version: 1.1.0120.2010) Acer Updater (x32 Version: 1.01.3017) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 1.5.0.7220) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.169) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Advanced System Protector (x32 Version: 2.1.1000.12150) Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006) Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18) Amazonia (x32) Anno 1602 (x32) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.24) Avira Free Antivirus (x32 Version: 14.0.0.383) B110 (x32 Version: 140.0.283.000) Backup Manager Basic (x32 Version: 2.0.0.60) Bonanza Deals (remove only) (x32 Version: 5.0.1.0) BufferChm (x32 Version: 140.0.212.000) Cake Mania (x32) CCleaner (Version: 4.00) Chicken Invaders 2 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Dairy Dash (x32) Destinations (x32 Version: 140.0.77.000) DeviceDiscovery (x32 Version: 140.0.212.000) DHTML Editing Component (x32 Version: 6.02.0001) Doko Chrome Toolbar (x32) Doko toolbar (x32 Version: 1.8.26.9) Dream Day First Home (x32) ElsterFormular (x32 Version: 14.4.12044) ESET Online Scanner v3 (x32) eSobi v2 (x32 Version: 2.0.4.000274) Farm Frenzy 2 (x32) Free Audio CD Burner version 1.4 (x32) Free Audio Converter version 5.0.6.221 (x32 Version: 5.0.6.221) Free YouTube to MP3 Converter version 3.11.32.918 (x32 Version: 3.11.32.918) FUSSBALL MANAGER 12 (x32 Version: 1.0.0.3) Galapago (x32) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54) Google Update Helper (x32 Version: 1.3.21.153) Granny In Paradise (x32) Haali Media Splitter (x32) Heroes of Hellas (x32) Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000) HP Imaging Device Functions 14.0 (Version: 14.0) HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 26.0.784.0) HP Officejet 4620 series Hilfe (x32 Version: 6.0.0) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0) HP Product Detection (x32 Version: 11.14.0001) HP Smart Web Printing 4.60 (Version: 4.60) HP Update (x32 Version: 5.003.000.004) HPAppStudio (x32 Version: 140.0.95.000) HPDiagnosticAlert (x32 Version: 1.00.0000) HPPhotoGadget (x32 Version: 140.0.524.000) HPSSupply (x32 Version: 140.0.211.000) I.R.I.S. OCR (x32 Version: 12.3.4.0) Identity Card (x32 Version: 1.00.3003) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001) Internet-TV für Windows Media Center (x32 Version: 4.2.2.0) Java 7 Update 17 (x32 Version: 7.0.170) Java Auto Updater (x32 Version: 2.1.9.0) Junk Mail filter update (x32 Version: 14.0.8089.726) jZip (HKCU Version: 2.0.0.131826) Launch Manager (x32 Version: 4.0.5) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MediaShow Espresso (x32 Version: 5.5.1403_23691) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32) Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) MyPC Backup (Version: ) MyWinLocker (x32 Version: 3.1.206.0) MyWinLocker Suite (x32 Version: 3.1.206.0) Network64 (Version: 140.0.215.000) Network64 (Version: 140.0.221.000) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.628) NTI Backup Now Standard (x32 Version: 5.1.2.628) NTI Media Maker 8 (x32 Version: 8.0.12.6630) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22) NVIDIA Grafiktreiber 314.22 (Version: 314.22) NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1) NVIDIA Install Application (Version: 2.1002.115.743) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422) NVIDIA Systemsteuerung 314.22 (Version: 314.22) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) Open It! (x32 Version: 1.1.1) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Optical Drive Power Management (x32 Version: 1.01.3006) PC Connectivity Solution (x32 Version: 10.33.1.0) Picasa 3 (x32 Version: 3.8) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000) QuickTransfer (x32 Version: 140.0.98.000) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6039) RegClean Pro (x32 Version: 6.21) Scan (x32 Version: 140.0.80.000) Search-Results Toolbar (x32 Version: 1.2.0.0) Shop for HP Supplies (Version: 14.0) Shredder (Version: 2.0.5.0) Shredder (x32 Version: 2.0.5.0) SmartWebPrinting (x32 Version: 140.0.186.000) Spin & Win (x32) Status (x32 Version: 140.0.256.000) Supreme Auction (x32) Synaptics Pointing Device Driver (Version: 15.0.7.0) Toolbox (x32 Version: 140.0.428.000) TrayApp (x32 Version: 140.0.212.000) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6) Uninstall 1.0.0.1 (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Zip Extractor (HKCU) WebReg (x32 Version: 140.0.212.017) Welcome Center (x32 Version: 1.00.3013) Whilokii 1.0.0 (Version: 1.0.0) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) ==================== Restore Points ========================= 01-08-2013 15:23:38 Removed HP Update. 16-08-2013 11:15:33 Windows Update 12-09-2013 14:49:22 Windows Update 12-09-2013 15:15:13 Windows Update 17-09-2013 16:47:02 Windows Update 12-10-2013 09:16:03 Windows Update 13-10-2013 10:59:17 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-04-13 20:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {172D42D0-81CD-49F1-BFF5-18ACA8AAA2CD} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-17] (BonanzaDeals) Task: {1DABE84F-0DEB-43A4-9AE2-127B99221E08} - System32\Tasks\DigitalSite => C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () Task: {2590580D-ABCF-496C-80A2-078490342034} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-10-04] (Systweak) Task: {3A035F59-5A05-4D96-BF64-A5B2843BA8CF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3324678813-3512244677-2871082155-1001 Task: {49A87288-BC17-4280-8281-BE57408ECFC7} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) Task: {4BE27570-7694-41B5-9EF8-D6AFF8835501} - System32\Tasks\EPUpdater => C:\Users\Gerald\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-09-01] () Task: {4C65A7D4-90D9-45A2-9A19-CB9342BC2758} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd) Task: {53C563FB-2AAA-43D9-83C2-BED0AA0D67EC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {8AD13DF0-E10C-4448-B7FF-CBEF65573C48} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) Task: {AE033C09-7005-4E4D-B732-CC0EF2894778} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-17] (BonanzaDeals) Task: {B3FEA6ED-A22C-446D-8E4E-2C53FC4C17CB} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2012-09-17] (Systweak Inc ) Task: {C0256383-7888-4F45-8774-281E9437D93F} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {C20F7415-AFD3-4DAB-8024-E96213207EDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.) Task: {D9AEAA6E-3EE8-473F-A1EC-214E10A14F39} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-07-22] (Systweak Inc) Task: {E449CD40-3AFE-4A3E-8E6F-BD2299EFF612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.) Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Gerald\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2013-04-15 23:09 - 2013-04-15 23:04 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2010-03-09 03:18 - 2010-03-09 03:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 03:13 - 2010-03-09 03:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-03-12 05:44 - 2009-12-24 03:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-03-15 12:28 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2013-10-17 19:11 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll 2013-10-17 19:11 - 2013-10-04 18:20 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll 2013-10-17 19:11 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\Advanced System Protector\UNRAR.DLL ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/14/2013 07:07:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Manager12.exe, Version: 1.0.0.3, Zeitstempel: 0x4ee1398a Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0, Zeitstempel: 0x4ee138a5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0033312a ID des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0xManager12.exe0 Pfad der fehlerhaften Anwendung: Manager12.exe1 Pfad des fehlerhaften Moduls: Manager12.exe2 Berichtskennung: Manager12.exe3 Error: (10/13/2013 08:19:23 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: hpqddcmn.dll, Version: 140.0.212.0, Zeitstempel: 0x4b03e56c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000edf7 ID des fehlerhaften Prozesses: 0x40c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (10/05/2013 06:26:07 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x10ec Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/28/2013 05:40:29 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x9c4 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/27/2013 03:15:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x109c Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/26/2013 06:17:43 PM) (Source: Application Hang) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16506 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12b8 Startzeit: 01cebad3cd5ce893 Endzeit: 63 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error: (09/23/2013 08:30:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/18/2013 08:06:03 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: hpqddcmn.dll, Version: 140.0.212.0, Zeitstempel: 0x4b03e56c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000edf7 ID des fehlerhaften Prozesses: 0x7dc Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (09/18/2013 08:05:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x10cc Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/12/2013 07:00:02 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1acc Startzeit: 01ceafd963761a1a Endzeit: 10 Anwendungspfad: C:\Windows\Explorer.exe Berichts-ID: c1b0270e-1bcc-11e3-9adb-c80aa950cd05 System errors: ============= Error: (10/17/2013 06:09:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/16/2013 03:00:07 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/15/2013 05:31:20 PM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (10/15/2013 04:14:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/15/2013 04:14:20 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/15/2013 04:14:19 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/15/2013 04:13:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/15/2013 04:13:50 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error: (10/15/2013 04:13:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/14/2013 07:02:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-04-13 20:05:40.205 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-13 20:05:40.142 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-07 12:14:20.961 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-07 12:14:08.826 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-07 12:13:47.560 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-06 19:45:49.414 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-05 14:38:37.959 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-02 20:34:50.339 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-18 17:47:12.711 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 09:57:46.355 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 4030.77 MB Available physical RAM: 1874.43 MB Total Pagefile: 8059.71 MB Available Pagefile: 5512.3 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:508.21 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 8C00A8E0) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS) ==================== End Of Log ============================ defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:14 on 17/10/2013 (Gerald) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Gerald (administrator) on GERALD-PC on 17-10-2013 19:17:10 Running from C:\Users\Gerald\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe (Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-02] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.) HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-10] (Acer Incorporated) HKLM-x32\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del" [x] HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] () HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.) HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.) HKCU\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del" HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.) HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] () Startup: C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii) BHO-x32: dokotoolbar Helper Object - {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll (Doko-Toolbar) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - dokotoolbar Toolbar - {339E1B37-76D3-4A64-A988-E81425DF831C} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll (Doko-Toolbar) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (BonanzaDeals) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0 CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Gerald\AppData\Roaming\BabSolution\CR\Doko.crx ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-10] (Acer Incorporated) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.) R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated) R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii) S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x] S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe 2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST 2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log 2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable 2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-10-17 19:11 - 2013-10-17 19:16 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-10-17 19:11 - 2013-10-17 19:16 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater 2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector 2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2013-10-17 19:11 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina 2013-10-13 13:07 - 2013-10-13 13:08 - 00000000 ____D C:\ProgramData\TVersity 2013-10-13 12:54 - 2013-10-17 19:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-10-13 12:53 - 2013-10-17 19:11 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite 2013-10-13 12:53 - 2013-10-17 19:11 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job 2013-10-13 12:53 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Whilokii 2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite 2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-10-13 10:40 - 2013-10-13 10:42 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2 2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2 2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe 2013-10-12 11:27 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 11:27 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 11:27 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 11:27 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 11:27 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-12 11:27 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 11:27 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-10-12 11:27 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 11:27 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-12 11:27 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 11:27 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-12 11:27 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 11:27 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 11:27 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-12 11:27 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 11:27 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-12 11:27 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-12 11:27 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-12 11:27 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-12 11:27 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-10-12 11:27 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-12 11:27 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-12 11:27 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-10-12 11:27 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-12 11:27 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-10-12 11:27 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-12 11:27 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-10-12 11:27 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-12 11:27 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-12 11:27 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-12 11:27 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-10-12 11:27 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-11 13:42 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 13:42 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-11 13:42 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 13:42 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 13:42 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-11 13:42 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-11 13:42 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 13:42 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-11 13:42 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-11 13:42 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-11 13:42 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-11 13:42 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 13:42 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-11 13:42 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-11 13:42 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-11 13:42 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 13:42 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-11 13:42 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-11 13:42 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-11 13:42 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 13:42 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-11 13:42 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-11 13:42 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2013-10-11 13:42 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2013-10-11 13:42 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\뾄聤œ 2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v 2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung ==================== One Month Modified Files and Folders ======= 2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe 2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST 2013-10-17 19:16 - 2013-10-17 19:11 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-10-17 19:16 - 2013-10-17 19:11 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log 2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable 2013-10-17 19:14 - 2010-08-19 19:33 - 00000000 ____D C:\Users\Gerald 2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-10-17 19:12 - 2013-10-13 12:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-10-17 19:12 - 2010-08-19 19:35 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA 2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore 2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater 2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate 2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector 2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive 2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2013-10-17 19:11 - 2013-10-13 12:53 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite 2013-10-17 19:11 - 2013-10-13 12:53 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job 2013-10-17 19:11 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\Whilokii 2013-10-17 19:11 - 2012-07-08 23:02 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Systweak 2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals 2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite 2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-10-17 18:53 - 2010-03-31 01:26 - 02050654 _____ C:\Windows\WindowsUpdate.log 2013-10-17 18:25 - 2010-08-19 19:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-17 18:12 - 2009-07-14 04:34 - 00000545 _____ C:\Windows\win.ini 2013-10-17 18:09 - 2013-04-13 18:26 - 00013518 _____ C:\Windows\setupact.log 2013-10-17 18:09 - 2010-08-19 19:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-17 18:09 - 2010-03-31 01:30 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-17 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-14 19:02 - 2013-04-13 18:26 - 00025626 _____ C:\Windows\PFRO.log 2013-10-14 16:26 - 2013-05-31 07:04 - 00001093 _____ C:\Users\Gerald\Desktop\Rechnungsverwalter.lnk 2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina 2013-10-13 15:08 - 2013-05-30 19:10 - 00000000 ___RD C:\Users\Gerald\Documents\LR 2013-10-13 15:06 - 2012-02-09 23:04 - 00000000 ____D C:\Users\Gerald\Documents\Texte 2013-10-13 13:08 - 2013-10-13 13:07 - 00000000 ____D C:\ProgramData\TVersity 2013-10-13 12:53 - 2010-08-19 19:38 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google 2013-10-13 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-13 11:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-10-13 10:42 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2 2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2 2013-10-13 10:40 - 2010-08-19 21:51 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Mozilla 2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe 2013-10-12 20:29 - 2009-07-14 06:45 - 00368512 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 11:30 - 2010-03-12 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-12 11:24 - 2010-03-31 11:17 - 00654166 _____ C:\Windows\system32\perfh007.dat 2013-10-12 11:24 - 2010-03-31 11:17 - 00130006 _____ C:\Windows\system32\perfc007.dat 2013-10-12 11:24 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-12 11:23 - 2013-08-16 13:20 - 00000000 ____D C:\Windows\system32\MRT 2013-10-12 11:19 - 2011-03-17 17:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-07 12:01 - 2013-05-07 17:49 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-10-07 12:01 - 2013-04-15 23:09 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-10-07 12:01 - 2013-04-15 23:09 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-10-07 12:01 - 2013-04-15 23:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\뾄聤œ 2013-09-30 18:50 - 2013-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\ElsterFormular 2013-09-30 18:48 - 2013-05-10 17:23 - 00000000 ____D C:\Users\Gerald\AppData\Local\.elfohilfe 2013-09-26 18:13 - 2013-04-13 19:16 - 00000000 ____D C:\ProgramData\Wincert 2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v 2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung 2013-09-22 17:43 - 2013-10-12 11:27 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 17:01 - 2013-10-12 11:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 16:42 - 2013-10-12 11:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 16:36 - 2013-10-12 11:27 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 16:33 - 2013-10-12 11:27 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 16:33 - 2013-10-12 11:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 16:30 - 2013-10-12 11:27 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 16:27 - 2013-10-12 11:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 16:23 - 2013-10-12 11:27 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 16:22 - 2013-10-12 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 16:21 - 2013-10-12 11:27 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 16:19 - 2013-10-12 11:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 16:19 - 2013-10-12 11:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 16:16 - 2013-10-12 11:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 16:15 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 16:07 - 2013-10-12 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 12:29 - 2013-10-12 11:27 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-22 12:22 - 2013-10-12 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-22 12:22 - 2013-10-12 11:27 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-22 12:14 - 2013-10-12 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-09-22 12:13 - 2013-10-12 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-22 12:13 - 2013-10-12 11:27 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-22 12:12 - 2013-10-12 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-09-22 12:09 - 2013-10-12 11:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-22 12:08 - 2013-10-12 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-09-22 12:07 - 2013-10-12 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-22 12:06 - 2013-10-12 11:27 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-09-22 12:05 - 2013-10-12 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-22 12:03 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-22 12:03 - 2013-10-12 11:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-22 12:03 - 2013-10-12 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-09-22 11:59 - 2013-10-12 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll Some content of TEMP: ==================== C:\Users\Gerald\AppData\Local\Temp\AskSLib.dll C:\Users\Gerald\AppData\Local\Temp\avgnt.exe C:\Users\Gerald\AppData\Local\Temp\BackupSetup.exe C:\Users\Gerald\AppData\Local\Temp\uninst1.exe C:\Users\Gerald\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-13 16:04 ==================== End Of Log ============================ GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-10-17 19:36:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Gerald\AppData\Local\Temp\uwdiapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800035b6000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800035b602f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075872da4 5 bytes JMP 000000016a6f9ed4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007588cbf3 5 bytes JMP 000000016a849186 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007588cfca 5 bytes JMP 000000016a65189b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000758acb0c 5 bytes JMP 000000016a849121 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000758ace64 5 bytes JMP 000000016a8491eb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000758bfbd1 5 bytes JMP 000000016a8490a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000758bfc9d 5 bytes JMP 000000016a84902f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000758bfcd6 5 bytes JMP 000000016a848fcb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000758bfcfa 5 bytes JMP 000000016a848f67 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c293ec 5 bytes JMP 000000016a8493a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007221388e 5 bytes JMP 000000016a849250 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000722b7922 5 bytes JMP 000000016a8492f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077462694 1 byte JMP 000000016a849598 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8236] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW + 2 0000000077462696 3 bytes {JMP 0xfffffffff33e6f04} ? C:\Windows\system32\mssprxy.dll [8236] entry point in ".rdata" section 00000000733971e6 .text C:\Program Files (x86)\Whilokii\updateWhilokii.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Whilokii\updateWhilokii.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df261d 6 bytes JMP 000000016a718054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02ad3 6 bytes JMP 000000016a6b980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075513475 5 bytes JMP 000000016a6b75e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 000000016a7203df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007586d22e 5 bytes JMP 000000016a6c3643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007587291f 5 bytes JMP 000000016a69ddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075872da4 5 bytes JMP 000000016a6f9ed4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075876285 5 bytes JMP 000000016a717ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 5 bytes JMP 000000016a6f25cc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007587b029 5 bytes JMP 000000016a849528 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007587c63e 5 bytes JMP 000000016a849560 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000758850ed 5 bytes JMP 000000016a849c22 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075885246 5 bytes JMP 000000016a8494b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!EndDialog 000000007588b99c 5 bytes JMP 000000016a849ef6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007588c701 5 bytes JMP 000000016a849c4a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007588cbf3 5 bytes JMP 000000016a849186 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007588cfca 5 bytes JMP 000000016a65189b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007588eb96 5 bytes JMP 000000016a69dedd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007588f52b 5 bytes JMP 000000016a73ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SendInput 000000007588ff4a 5 bytes JMP 000000016a84a4b9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000758910dc 5 bytes JMP 000000016a8494f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000758914b2 5 bytes JMP 000000016a84a511 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000758a9cfd 5 bytes JMP 000000016a84a592 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000758acb0c 5 bytes JMP 000000016a849121 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000758ace64 5 bytes JMP 000000016a8491eb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000758bfbd1 5 bytes JMP 000000016a8490a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000758bfc9d 5 bytes JMP 000000016a84902f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000758bfcd6 5 bytes JMP 000000016a848fcb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000758bfcfa 5 bytes JMP 000000016a848f67 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758c02bf 5 bytes JMP 000000016a84a476 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075e86143 5 bytes JMP 000000016a849954 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bc3e59 5 bytes JMP 000000016a849a4c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bc3eae 5 bytes JMP 000000016a849aca .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bc4731 5 bytes JMP 000000016a8499be .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bc5dee 5 bytes JMP 000000016a849a6a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c293ec 5 bytes JMP 000000016a8493a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007221388e 5 bytes JMP 000000016a849250 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000722b7922 5 bytes JMP 000000016a8492f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000774533a3 5 bytes JMP 000000016a84963c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077462694 1 byte JMP 000000016a849598 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW + 2 0000000077462696 3 bytes {JMP 0xfffffffff33e6f04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5336] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007746e8ff 5 bytes JMP 000000016a849708 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077df261d 6 bytes JMP 000000016a718054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077e02ad3 6 bytes JMP 000000016a6b980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075513475 5 bytes JMP 000000016a6b75e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 000000016a7203df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007586d22e 5 bytes JMP 000000016a6c3643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007587291f 5 bytes JMP 000000016a69ddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075872da4 5 bytes JMP 000000016a6f9ed4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075876285 5 bytes JMP 000000016a717ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075877603 5 bytes JMP 000000016a6f25cc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007587b029 5 bytes JMP 000000016a849528 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007587c63e 5 bytes JMP 000000016a849560 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000758850ed 5 bytes JMP 000000016a849c22 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075885246 5 bytes JMP 000000016a8494b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!EndDialog 000000007588b99c 5 bytes JMP 000000016a849ef6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007588c701 5 bytes JMP 000000016a849c4a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007588cbf3 5 bytes JMP 000000016a849186 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007588cfca 5 bytes JMP 000000016a65189b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007588eb96 5 bytes JMP 000000016a69dedd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007588f52b 5 bytes JMP 000000016a73ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SendInput 000000007588ff4a 5 bytes JMP 000000016a84a4b9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000758910dc 5 bytes JMP 000000016a8494f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000758914b2 5 bytes JMP 000000016a84a511 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000758a9cfd 5 bytes JMP 000000016a84a592 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000758acb0c 5 bytes JMP 000000016a849121 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000758ace64 5 bytes JMP 000000016a8491eb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000758bfbd1 5 bytes JMP 000000016a8490a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000758bfc9d 5 bytes JMP 000000016a84902f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000758bfcd6 5 bytes JMP 000000016a848fcb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000758bfcfa 5 bytes JMP 000000016a848f67 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758c02bf 5 bytes JMP 000000016a84a476 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075e86143 5 bytes JMP 000000016a849954 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bc3e59 5 bytes JMP 000000016a849a4c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bc3eae 5 bytes JMP 000000016a849aca .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bc4731 5 bytes JMP 000000016a8499be .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bc5dee 5 bytes JMP 000000016a849a6a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c293ec 5 bytes JMP 000000016a8493a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007221388e 5 bytes JMP 000000016a849250 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000722b7922 5 bytes JMP 000000016a8492f8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000774533a3 5 bytes JMP 000000016a84963c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077462694 1 byte JMP 000000016a849598 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW + 2 0000000077462696 3 bytes {JMP 0xfffffffff33e6f04} .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8144] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007746e8ff 5 bytes JMP 000000016a849708 .text C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe[6536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe[6536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 ---- EOF - GMER 2.1 ---- |
|
17.10.2013, 19:01
| #2 |
| | Jede Woche min. ein Fund bei MalwareFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Gerald (administrator) on GERALD-PC on 17-10-2013 19:17:10
Running from C:\Users\Gerald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-10] (Acer Incorporated)
HKLM-x32\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKCU\...\Runonce: [Del3722417] - cmd.exe /Q /D /c del "C:\Users\Gerald\AppData\Local\Temp\0.del"
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Doko Search
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8E0F67BCB599596&affID=125836&tsp=5038
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\Whilokiibho.dll (Whilokii)
BHO-x32: dokotoolbar Helper Object - {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll (Doko-Toolbar)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - dokotoolbar Toolbar - {339E1B37-76D3-4A64-A988-E81425DF831C} - C:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll (Doko-Toolbar)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BonanzaDeals) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Gerald\AppData\Roaming\BabSolution\CR\Doko.crx
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-17] (BonanzaDeals)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-10] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-17 19:11 - 2013-10-17 19:16 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-17 19:11 - 2013-10-17 19:16 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-17 19:11 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 13:07 - 2013-10-13 13:08 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:54 - 2013-10-17 19:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-13 12:53 - 2013-10-17 19:11 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-13 12:53 - 2013-10-17 19:11 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-13 12:53 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite
2013-10-13 12:53 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-13 10:40 - 2013-10-13 10:42 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 11:27 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 11:27 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 11:27 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 11:27 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 11:27 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 11:27 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-12 11:27 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 11:27 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 11:27 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 11:27 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 11:27 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 11:27 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-12 11:27 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 11:27 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-12 11:27 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 13:42 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 13:42 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 13:42 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 13:42 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 13:42 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 13:42 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 13:42 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 13:42 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 13:42 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 13:42 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 13:42 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 13:42 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 13:42 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 13:42 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 13:42 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\뾄聤œ
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
==================== One Month Modified Files and Folders =======
2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:16 - 2013-10-17 19:11 - 00000926 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-17 19:16 - 2013-10-17 19:11 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:14 - 2010-08-19 19:33 - 00000000 ____D C:\Users\Gerald
2013-10-17 19:12 - 2013-10-17 19:12 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-17 19:12 - 2013-10-17 19:12 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-17 19:12 - 2013-10-13 12:54 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-17 19:12 - 2010-08-19 19:35 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 19:11 - 2013-10-17 19:11 - 00003922 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-17 19:11 - 2013-10-17 19:11 - 00003670 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-17 19:11 - 2013-10-17 19:11 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-17 19:11 - 2013-10-17 19:11 - 00003388 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-17 19:11 - 2013-10-17 19:11 - 00003326 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-17 19:11 - 2013-10-17 19:11 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-17 19:11 - 2013-10-17 19:11 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-17 19:11 - 2013-10-17 19:11 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\BabSolution
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Users\Gerald\AppData\Local\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\Systweak
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Doko-Toolbar
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-17 19:11 - 2013-10-17 19:11 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-17 19:11 - 2013-10-13 12:53 - 00003240 _____ C:\Windows\System32\Tasks\DigitalSite
2013-10-17 19:11 - 2013-10-13 12:53 - 00000296 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-17 19:11 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-17 19:11 - 2012-07-08 23:02 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Systweak
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-17 19:10 - 2013-10-17 19:10 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\DigitalSite
2013-10-17 19:10 - 2013-10-13 12:53 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-17 18:53 - 2010-03-31 01:26 - 02050654 _____ C:\Windows\WindowsUpdate.log
2013-10-17 18:25 - 2010-08-19 19:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 18:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 18:12 - 2009-07-14 04:34 - 00000545 _____ C:\Windows\win.ini
2013-10-17 18:09 - 2013-04-13 18:26 - 00013518 _____ C:\Windows\setupact.log
2013-10-17 18:09 - 2010-08-19 19:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 18:09 - 2010-03-31 01:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-17 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 19:02 - 2013-04-13 18:26 - 00025626 _____ C:\Windows\PFRO.log
2013-10-14 16:26 - 2013-05-31 07:04 - 00001093 _____ C:\Users\Gerald\Desktop\Rechnungsverwalter.lnk
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 15:08 - 2013-05-30 19:10 - 00000000 ___RD C:\Users\Gerald\Documents\LR
2013-10-13 15:06 - 2012-02-09 23:04 - 00000000 ____D C:\Users\Gerald\Documents\Texte
2013-10-13 13:08 - 2013-10-13 13:07 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:53 - 2010-08-19 19:38 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google
2013-10-13 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-13 11:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-13 10:42 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:40 - 2010-08-19 21:51 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Mozilla
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 20:29 - 2009-07-14 06:45 - 00368512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 11:30 - 2010-03-12 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 11:24 - 2010-03-31 11:17 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-12 11:24 - 2010-03-31 11:17 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-12 11:24 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 11:23 - 2013-08-16 13:20 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 11:19 - 2011-03-17 17:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 12:01 - 2013-05-07 17:49 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\뾄聤œ
2013-09-30 18:50 - 2013-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 18:48 - 2013-05-10 17:23 - 00000000 ____D C:\Users\Gerald\AppData\Local\.elfohilfe
2013-09-26 18:13 - 2013-04-13 19:16 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
2013-09-22 17:43 - 2013-10-12 11:27 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:01 - 2013-10-12 11:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:42 - 2013-10-12 11:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:36 - 2013-10-12 11:27 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:33 - 2013-10-12 11:27 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 16:33 - 2013-10-12 11:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:30 - 2013-10-12 11:27 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 16:27 - 2013-10-12 11:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 16:23 - 2013-10-12 11:27 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 16:22 - 2013-10-12 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:21 - 2013-10-12 11:27 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 16:16 - 2013-10-12 11:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 16:15 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 16:07 - 2013-10-12 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 12:29 - 2013-10-12 11:27 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 12:14 - 2013-10-12 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-22 12:13 - 2013-10-12 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 12:13 - 2013-10-12 11:27 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 12:12 - 2013-10-12 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-22 12:09 - 2013-10-12 11:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 12:08 - 2013-10-12 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-22 12:07 - 2013-10-12 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 12:06 - 2013-10-12 11:27 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-22 12:05 - 2013-10-12 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-22 12:03 - 2013-10-12 11:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-22 11:59 - 2013-10-12 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
Some content of TEMP:
====================
C:\Users\Gerald\AppData\Local\Temp\AskSLib.dll
C:\Users\Gerald\AppData\Local\Temp\avgnt.exe
C:\Users\Gerald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gerald\AppData\Local\Temp\uninst1.exe
C:\Users\Gerald\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-13 16:04
==================== End Of Log ============================
|
|
17.10.2013, 19:54
| #3 | |
| /// TB-Ausbilder   | Jede Woche min. ein Fund bei Malware Hallo,
__________________Zitat:
Schritt 1
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
17.10.2013, 20:18
| #4 |
| | Jede Woche min. ein Fund bei Malware AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.008 - Bericht erstellt am 17/10/2013 um 21:06:18
# Updated 17/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gerald - GERALD-PC
# Gestartet von : C:\Users\Gerald\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\jZip
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\jZip
Ordner Gelöscht : C:\Users\Gerald\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Gerald\AppData\LocalLow\jziptoolbargaw
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Gerald\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\8e8bd9b03cba12
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-clipfinder-hd_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ashampoo-clipfinder-hd_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mcafee-labs-stinger_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mcafee-labs-stinger_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\jZip
Schlüssel Gelöscht : HKCU\Software\jziptoolbargaw
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\jZip
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16514
*************************
AdwCleaner[R0].txt - [5359 octets] - [17/10/2013 21:03:22]
AdwCleaner[S0].txt - [4714 octets] - [17/10/2013 21:06:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4774 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Gerald (administrator) on GERALD-PC on 17-10-2013 21:11:05
Running from C:\Users\Gerald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [ODDPwr] - C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [222240 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-03-10] (Acer Incorporated)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Gerald\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2548072 2011-12-18] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-03-10] (Acer Incorporated)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-02-05] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [x]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-17 21:02 - 2013-10-17 21:06 - 00000000 ____D C:\AdwCleaner
2013-10-17 21:02 - 2013-10-17 21:02 - 01050644 _____ C:\Users\Gerald\Desktop\adwcleaner.exe
2013-10-17 20:10 - 2013-10-17 20:10 - 00000098 _____ C:\Users\Gerald\AppData\Roaming\WB.CFG
2013-10-17 20:10 - 2013-10-17 20:10 - 00000006 _____ C:\Users\Gerald\AppData\Roaming\WBPU-TTL.DAT
2013-10-17 19:55 - 2013-10-17 19:55 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-10-17 19:45 - 2013-10-17 19:46 - 00292288 _____ C:\Windows\Minidump\101713-37596-01.dmp
2013-10-17 19:36 - 2013-10-17 19:36 - 00034688 _____ C:\Users\Gerald\Desktop\gmer.log
2013-10-17 19:18 - 2013-10-17 19:19 - 00028968 _____ C:\Users\Gerald\Desktop\Addition.txt
2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 13:07 - 2013-10-13 13:08 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 10:40 - 2013-10-13 10:42 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 11:27 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 11:27 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 11:27 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 11:27 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 11:27 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 11:27 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-12 11:27 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 11:27 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 11:27 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 11:27 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 11:27 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 11:27 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-12 11:27 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 11:27 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 11:27 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-12 11:27 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 11:27 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-12 11:27 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 11:27 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-12 11:27 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 11:27 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 11:27 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-12 11:27 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 13:42 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 13:42 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 13:42 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:42 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 13:42 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 13:42 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 13:42 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 13:42 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 13:42 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 13:42 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 13:42 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 13:42 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 13:42 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 13:42 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 13:42 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 13:42 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 13:42 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 13:42 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-11 13:42 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-11 13:42 - 2012-11-29 00:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\뾄聤œ
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
==================== One Month Modified Files and Folders =======
2013-10-17 21:10 - 2009-07-14 04:34 - 00000545 _____ C:\Windows\win.ini
2013-10-17 21:07 - 2013-04-13 18:26 - 00013686 _____ C:\Windows\setupact.log
2013-10-17 21:07 - 2010-08-19 19:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 21:07 - 2010-03-31 01:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-17 21:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-17 21:06 - 2013-10-17 21:02 - 00000000 ____D C:\AdwCleaner
2013-10-17 21:06 - 2013-03-31 21:05 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-17 21:06 - 2010-03-31 01:26 - 02074338 _____ C:\Windows\WindowsUpdate.log
2013-10-17 21:06 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 21:06 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 21:02 - 2013-10-17 21:02 - 01050644 _____ C:\Users\Gerald\Desktop\adwcleaner.exe
2013-10-17 20:59 - 2013-04-13 18:26 - 00026900 _____ C:\Windows\PFRO.log
2013-10-17 20:25 - 2010-08-19 19:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-17 20:10 - 2013-10-17 20:10 - 00000098 _____ C:\Users\Gerald\AppData\Roaming\WB.CFG
2013-10-17 20:10 - 2013-10-17 20:10 - 00000006 _____ C:\Users\Gerald\AppData\Roaming\WBPU-TTL.DAT
2013-10-17 20:04 - 2010-08-19 19:35 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 19:55 - 2013-10-17 19:55 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-10-17 19:46 - 2013-10-17 19:45 - 00292288 _____ C:\Windows\Minidump\101713-37596-01.dmp
2013-10-17 19:45 - 2013-08-15 20:43 - 541789891 _____ C:\Windows\MEMORY.DMP
2013-10-17 19:45 - 2010-11-17 12:54 - 00000000 ____D C:\Windows\Minidump
2013-10-17 19:36 - 2013-10-17 19:36 - 00034688 _____ C:\Users\Gerald\Desktop\gmer.log
2013-10-17 19:19 - 2013-10-17 19:18 - 00028968 _____ C:\Users\Gerald\Desktop\Addition.txt
2013-10-17 19:16 - 2013-10-17 19:16 - 01954124 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2013-10-17 19:16 - 2013-10-17 19:16 - 00000000 ____D C:\FRST
2013-10-17 19:14 - 2013-10-17 19:14 - 00000474 _____ C:\Users\Gerald\Desktop\defogger_disable.log
2013-10-17 19:14 - 2013-10-17 19:14 - 00000000 _____ C:\Users\Gerald\defogger_reenable
2013-10-17 19:14 - 2010-08-19 19:33 - 00000000 ____D C:\Users\Gerald
2013-10-14 16:26 - 2013-05-31 07:04 - 00001093 _____ C:\Users\Gerald\Desktop\Rechnungsverwalter.lnk
2013-10-13 15:08 - 2013-10-13 15:08 - 00000000 ____D C:\Users\Gerald\Documents\Angelina
2013-10-13 15:08 - 2013-05-30 19:10 - 00000000 ___RD C:\Users\Gerald\Documents\LR
2013-10-13 15:06 - 2012-02-09 23:04 - 00000000 ____D C:\Users\Gerald\Documents\Texte
2013-10-13 13:08 - 2013-10-13 13:07 - 00000000 ____D C:\ProgramData\TVersity
2013-10-13 12:53 - 2010-08-19 19:38 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google
2013-10-13 12:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-13 11:21 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-13 10:42 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Local\Songbird2
2013-10-13 10:40 - 2013-10-13 10:40 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Songbird2
2013-10-13 10:40 - 2010-08-19 21:51 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Mozilla
2013-10-13 10:38 - 2013-10-13 10:38 - 15783080 _____ (POTI, Inc.) C:\Users\Gerald\Downloads\Songbird_2.2.0-2453_windows-i686-msvc8.exe
2013-10-12 20:29 - 2009-07-14 06:45 - 00368512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 11:30 - 2010-03-12 06:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 11:24 - 2010-03-31 11:17 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-12 11:24 - 2010-03-31 11:17 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-12 11:24 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 11:23 - 2013-08-16 13:20 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 11:19 - 2011-03-17 17:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 12:01 - 2013-05-07 17:49 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 12:01 - 2013-04-15 23:09 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 17:50 - 2013-10-01 17:50 - 98609570 _____ C:\Windows\SysWOW64\뾄聤œ
2013-09-30 18:50 - 2013-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2013-09-30 18:48 - 2013-05-10 17:23 - 00000000 ____D C:\Users\Gerald\AppData\Local\.elfohilfe
2013-09-26 18:13 - 2013-04-13 19:16 - 00000000 ____D C:\ProgramData\Wincert
2013-09-26 16:33 - 2013-09-26 16:33 - 97961477 _____ C:\Windows\SysWOW64\Эﮝ聤v
2013-09-23 21:48 - 2013-09-23 21:48 - 00000000 ____D C:\Users\Gerald\Documents\Steuererklärung
2013-09-22 17:43 - 2013-10-12 11:27 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:01 - 2013-10-12 11:27 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:42 - 2013-10-12 11:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:36 - 2013-10-12 11:27 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:33 - 2013-10-12 11:27 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 16:33 - 2013-10-12 11:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:30 - 2013-10-12 11:27 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 16:27 - 2013-10-12 11:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 16:23 - 2013-10-12 11:27 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 16:22 - 2013-10-12 11:27 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:21 - 2013-10-12 11:27 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:19 - 2013-10-12 11:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 16:16 - 2013-10-12 11:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 16:15 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 16:07 - 2013-10-12 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 12:29 - 2013-10-12 11:27 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 12:22 - 2013-10-12 11:27 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 12:14 - 2013-10-12 11:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-22 12:13 - 2013-10-12 11:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 12:13 - 2013-10-12 11:27 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 12:12 - 2013-10-12 11:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-22 12:09 - 2013-10-12 11:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 12:08 - 2013-10-12 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-22 12:07 - 2013-10-12 11:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 12:06 - 2013-10-12 11:27 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-22 12:05 - 2013-10-12 11:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-22 12:03 - 2013-10-12 11:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 12:03 - 2013-10-12 11:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-22 11:59 - 2013-10-12 11:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
Some content of TEMP:
====================
C:\Users\Gerald\AppData\Local\Temp\AskSLib.dll
C:\Users\Gerald\AppData\Local\Temp\avgnt.exe
C:\Users\Gerald\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gerald\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerald\AppData\Local\Temp\uninst1.exe
C:\Users\Gerald\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-13 16:04
==================== End Of Log ============================
--- --- --- Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.10.14.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Gerald :: GERALD-PC [Administrator] 14.10.2013 17:03:39 mbam-log-2013-10-14 (17-03-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 397773 Laufzeit: 1 Stunde(n), 24 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1M1S1N1H2Q1H0B1O1O -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 8 C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 8 C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4U9NP2J\Allin1Convert.exe (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4Z3UJ4J\ZipExtractorSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\is1590112554\16607019_stp\wajam_validate.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\is1590112554\16607281_stp\rcpsetup_adppi_adppi.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\is1590112554\16607472_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.09.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Gerald :: GERALD-PC [Administrator] 26.09.2013 16:48:43 mbam-log-2013-09-26 (16-48-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 385927 Laufzeit: 1 Stunde(n), 21 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 5 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Users\Gerald\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 4 C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.08.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Gerald :: GERALD-PC [Administrator] 02.08.2013 15:41:53 mbam-log-2013-08-02 (15-41-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 402251 Laufzeit: 3 Stunde(n), 57 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Gerald\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\Gerald\AppData\Local\Temp\0BB4DC02-BAB0-7891-BD91-7F774E8D2C0E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gerald\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
17.10.2013, 20:24
| #5 |
| /// TB-Ausbilder | Jede Woche min. ein Fund bei Malware Ja da ist immer mal wieder etwas Adware-Mist aufgetaucht... Ist jetzt nach dem AdwCleaner-Durchlauf wieder alles in Ordnung?
__________________ cheers, Leo |
|
17.10.2013, 20:26
| #6 |
| | Jede Woche min. ein Fund bei Malware Der Laptop brauch ganz schön lange zum hochfahren. Der Aussetzer im Bild war vorhin zum ersten Mal. Ansonsten bin ich soweit zu frieden. |
|
22.10.2013, 20:52
| #7 |
| /// TB-Ausbilder | Jede Woche min. ein Fund bei Malware Alles klar. Und ansonsten melde dich nochmals, wenn es noch was zu tun gibt. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
