
Log analysis and evaluation: Windows 8 64, no keyboard anymore


12.12.2013, 20:44   #1
7hine
 
Windows 8 64, no keyboard anymore



Hello.
At the moment I only have a virtual keyboard. Please excuse the typos.
How did this happen?

I had to reboot because there was no free memory left on my Acer notebook...
First I noticed, after the Windows update that took place in the process, that ACDaemon (ArcSoft client) did not start, with 0xc0000022.
Before that I had been wondering why the FF Nightly updates were not working.
bitkeeper free reported nothing.
What then worried me was that the Zemana anti-keylogger also no longer started.
Malwarebytes found something:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.12.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
admin :: 1111[Administrator]

C:\Program Files (x86)\Common Files\snpstd3\tsnpstd3.exe (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\admin\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
         
After an aborted full scan this also came up:
Code:
C:\Program Files (x86)\Common Files\snpstd3\tsnpstd3.exe (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt
         
After that the download worked again.

But the anti-keylogger still did not start.
Reinstallation failed.
Uninstallation aborted with an error message...
Since then I have had no keyboard.
Windows says it would use
c:/windows/system/DRIVERS/kbdhid.sys
and kbdclass.sys for radio controller. But there are hardly any drivers at that location..

Apparently I can no longer install anything.
The download of firefox.exe is still being refused.

GMER throws 3 error messages regarding ntuser, config, system, saying the files are open.

Help..
sfc /scannow aborts at 54%.
I could do a recovery, but as long as it is not clear what is going on, I would rather not.


Code:

Protokollname: Microsoft-Windows-Kernel-PnP/Configuration
Quelle:        Microsoft-Windows-Kernel-PnP
Datum:         12.12.2013 13:22:51
Ereignis-ID:   400
Aufgabenkategorie:Keine
Ebene:         Informationen
Schlüsselwörter:
Benutzer:      SYSTEM
Computer:      Derda
Beschreibung:
Device HID\10250759&Col01\5&1b50cc66&0&0000 was configured.

Driver Name: keyboard.inf
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Driver Date: 06/21/2006
Driver Version: 6.2.9200.16548
Driver Provider: Microsoft
Driver Section: HID_Keyboard_Inst.NT
Driver Rank: 0xFF1003
Matching Device ID: HID_DEVICE_SYSTEM_KEYBOARD
Outranked Drivers: input.inf:HID_DEVICE:00FF1005
Device Updated: false
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
    <EventID>400</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-12T12:22:51.183496800Z" />
    <EventRecordID>842</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="208" />
    <Channel>Microsoft-Windows-Kernel-PnP/Configuration</Channel>
    <Computer>Derda</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DeviceInstanceID">HID\10250759&amp;Col01\5&amp;1b50cc66&amp;0&amp;0000</Data>
    <Data Name="DriverName">keyboard.inf</Data>
    <Data Name="ClassGUID">{4D36E96B-E325-11CE-BFC1-08002BE10318}</Data>
    <Data Name="DriverDate">06/21/2006</Data>
    <Data Name="DriverVersion">6.2.9200.16548</Data>
    <Data Name="DriverProvider">Microsoft</Data>
    <Data Name="DriverInbox">true</Data>
    <Data Name="DriverSection">HID_Keyboard_Inst.NT</Data>
    <Data Name="DriverRank">0xff1003</Data>
    <Data Name="MatchingDeviceID">HID_DEVICE_SYSTEM_KEYBOARD</Data>
    <Data Name="OutrankedDrivers">input.inf:HID_DEVICE:00FF1005</Data>
    <Data Name="DeviceUpdated">false</Data>
    <Data Name="Status">0x0</Data>
  </EventData>
</Event>

HID\VEN_1025&DEV_0759&Col01
 
Der Gerätetreiber für diese Hardware kann nicht geladen werden. Der Treiber ist möglicherweise beschädigt oder nicht vorhanden. (Code 39)
hid Tastatur 
ort:radio controler
{Treiber konnte nicht geladen werden}
%hs Gerätetreiber konnte(n) nicht geladen werden.
Fehler: 0x%x
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by admin (administrator) on DERDA on 12-12-2013 16:35:10
Running from C:\Users\admin\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: 

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\ProgDVB\ProgDvbService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(KARPOLAN) C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndasmgmt.exe
(pdfforge  GmbH) C:\Program Files (x86)\PDFCreator\PDFCreator.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(NewSoft) C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
() C:\Windows\FixCamera.exe
(Mozilla Corporation) C:\Program Files (x86)\Nightly\firefox.exe
() C:\Windows\vsnpstd3.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Crystal Dew World) C:\Users\admin\Documents\CrystalDiskInfo5_4_2x64\DiskInfoX64.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander\FcContextMenu64.exe
() C:\Users\admin\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872208 2013-02-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [KeyboardLeds.exe] - C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [ProgLauncher] - C:\Program Files\ProgDVB\ProgLauncher.exe [569768 2013-05-15] ()
MountPoints2: F - "F:\tools\shelexec.exe" html\index.htm
MountPoints2: G - "G:\Install.exe" 
MountPoints2: {563f593c-753f-11e2-be9e-b888e39f4ef9} - "E:\pcwstart.exe" 
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - [x]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [ChangeFilterMerit] - C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe [51280 2007-06-08] (NewSoft)
HKLM-x32\...\Run: [Presto! PVR Monitor] - C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [157592 2010-08-30] (NewSoft)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [ZALFree] - "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-09-29] ()
HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] ()
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\foto\...\Run: [KeyboardLeds.exe] - C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL [ ] ()
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL [ ] ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM - DefaultScope {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWOW64\WowCtl2.dll (EzTools Software)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.51.23.11

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\100-search-engines.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\amazonde-german.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\amazonde-wh.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\audiblecouk.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\frankfurt-kurse.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\pdf-ebook-searches.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\read-books-online.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\webster.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\wikipedia-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ant Video Downloader - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\anttoolbar@ant.com
FF Extension: FireHbbTV - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\dlfr-firetv-plugin@atosorigin.com
FF Extension: Amazon Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\FFAmazonShoppingToolbar@wangtom.com
FF Extension: HTTPS-Everywhere - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\https-everywhere@eff.org
FF Extension: Perspectives - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\perspectives@cmu.edu
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\staged
FF Extension: Flashblock - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: QuickWiki - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}
FF Extension: CertPatrol - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\CertPatrol@PSYC.EU.xpi
FF Extension: pwgen - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\pwgen@alouche.net.xpi
FF Extension: requestpolicy - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\requestpolicy@requestpolicy.com.xpi
FF Extension: uriloader - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\uriloader@pdf.js.xpi
FF Extension: defaults - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
FF Extension: noscript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: prefs - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2013-02-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-24] (Bitdefender)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-09-29] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2013-06-13] (Olof Lagerkvist)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-05] (Intel Corporation)
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [331752 2010-01-13] (XIMETA, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60840 2013-05-15] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [30624 2013-01-28] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-06-11] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-06-11] (BitDefender)
R2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [17488 2013-06-13] (Olof Lagerkvist)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70656 2013-01-25] (ASIX Electronics Corp.)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-10-06] (Bitdefender SRL)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-06-11] (BitDefender LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39520 2013-06-13] (Olof Lagerkvist)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [172640 2013-03-07] (ITE                      )
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [738792 2010-01-13] (XIMETA, Inc.)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2013-03-19] (hxxp://libusb-win32.sourceforge.net)
R0 lpx; C:\Windows\System32\DRIVERS\lpx6x.sys [151528 2010-01-13] (XIMETA, Inc.)
R3 ndasbus; C:\Windows\System32\drivers\ndasbus.sys [497640 2010-01-13] (XIMETA, Inc.)
R1 ndasfat; C:\Windows\System32\DRIVERS\ndasfat.sys [607720 2010-01-13] (Windows (R) Codename Longhorn DDK provider)
R0 ndasfs; C:\Windows\System32\DRIVERS\ndasfs.sys [746472 2010-01-13] (XIMETA, Inc.)
R1 ndasrofs; C:\Windows\System32\DRIVERS\ndasrofs.sys [1053160 2010-01-13] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\drivers\ndasscsi.sys [486888 2010-01-13] (XIMETA, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [174368 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [38944 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWow64\drivers\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1051752 2012-06-02] (Realtek Semiconductor Corporation                           )
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [130960 2013-02-03] (Ray Hinchliffe)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-22] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-06-11] (BitDefender)
S3 cpuz135; \??\C:\Users\admin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S1 HWiNFO32; \??\C:\Users\admin\AppData\Local\Temp\HWiNFO64A.SYS [x]
S3 iscFlash; \??\C:\Users\admin\AppData\Local\Temp\7zSA868.tmp\iscflashx64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
S3 TDKLIB; \??\C:\Users\admin\AppData\Local\Temp\7zS40D4.tmp\TdkLib64.sys [x]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [x]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 16:32 - 2013-12-12 16:32 - 00000472 _____ C:\Users\admin\Downloads\defogger_disable.log
2013-12-12 16:32 - 2013-12-12 16:32 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-12-12 16:31 - 2013-12-12 16:32 - 00050477 _____ C:\Users\admin\Downloads\Defogger.exe
2013-12-12 16:19 - 2013-12-12 16:35 - 00025770 _____ C:\Users\admin\Downloads\FRST.txt
2013-12-12 16:19 - 2013-12-12 16:20 - 00052128 _____ C:\Users\admin\Downloads\FRST20131212.txt
2013-12-12 16:19 - 2013-12-12 16:19 - 01927106 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-12-12 16:14 - 2013-12-12 16:14 - 01226802 _____ C:\Users\admin\Downloads\adwcleaner(3).exe
2013-12-12 13:36 - 2013-12-12 16:04 - 00000000 ____D C:\Program Files (x86)\Nightly
2013-12-12 13:03 - 2013-12-12 13:05 - 21397296 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe
2013-12-12 13:00 - 2013-12-12 13:02 - 21928088 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe
2013-12-12 12:28 - 2013-12-12 12:29 - 00343248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 21:03 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 21:03 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 21:03 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 21:03 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 21:03 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 21:03 - 2013-10-25 05:44 - 01140736 _____ C:\Windows\SysWOW64\urlmon.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 21:02 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 21:02 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 21:02 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 21:02 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-11 21:02 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-11 21:02 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-11 21:02 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-11 21:02 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-11 21:02 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-11 21:02 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-11 21:02 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-11 21:02 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-11 21:02 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 21:02 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 21:02 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-11 21:02 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-11 21:02 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-11 21:02 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-11 21:01 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 21:01 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 21:01 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 21:01 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 21:01 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 21:01 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-11 21:01 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 21:01 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 21:01 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 21:01 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-11 21:01 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 21:56 - 2013-12-10 21:56 - 02520814 _____ (Dominik Reichl                                              ) C:\Users\admin\Downloads\KeePass-2.24-Setup.exe
2013-12-10 21:43 - 2013-12-10 21:45 - 29704568 _____ (Mozilla) C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe
2013-12-02 00:14 - 2013-12-02 00:40 - 00003464 _____ C:\Users\admin\Documents\sonya7.txt
2013-11-29 23:18 - 2013-11-29 23:18 - 02762264 _____ (Sony Corporation) C:\Users\admin\Downloads\PMHOME_3021DL.exe
2013-11-28 00:28 - 2013-12-12 15:47 - 00001123 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2013-11-28 00:27 - 2013-12-12 15:47 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2013-11-28 00:27 - 2013-12-10 21:47 - 00001093 _____ C:\Users\Public\Desktop\Nightly.lnk
2013-11-27 22:15 - 2013-11-27 22:15 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-11-27 22:14 - 2013-11-27 22:14 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49(1).exe
2013-11-23 10:54 - 2013-11-23 10:54 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-23 10:32 - 2013-11-23 11:07 - 381421623 _____ C:\Users\admin\Downloads\kav_rescue_10.iso
2013-11-23 10:31 - 2013-11-23 11:03 - 513658880 _____ C:\Users\admin\Downloads\bitdefender-rescue-cd.iso
2013-11-23 10:28 - 2013-11-23 10:29 - 15507456 _____ C:\Users\admin\Downloads\dban-2.2.8_i586.iso
2013-11-23 10:21 - 2013-11-23 10:21 - 01225161 _____ (pendrivelinux.com) C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe
2013-11-23 01:03 - 2013-11-23 01:03 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 23:18 - 2013-11-21 23:18 - 00007812 _____ C:\Users\admin\Documents\2013-antjeabschied.wlmp
2013-11-21 23:01 - 2013-12-10 21:51 - 00000000 ____D C:\ProgramData\ClassicShell
2013-11-21 22:49 - 2013-11-21 22:49 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-21 22:49 - 2013-11-21 22:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\pdfforge
2013-11-21 22:49 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-11-21 22:49 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-11-21 22:49 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-11-21 22:49 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-11-21 22:49 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-11-21 22:49 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-11-21 22:43 - 2013-11-21 22:43 - 17810632 _____ (pdfforge GmbH) C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 05368984 _____ C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 00001808 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files\Canon
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-16 19:08 - 2013-11-16 19:08 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49.exe
2013-11-15 19:19 - 2013-11-27 23:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:21 - 00000000 ____D C:\Program Files\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:18 - 00001614 _____ C:\Users\admin\Desktop\XnViewMP.lnk
2013-11-15 19:02 - 2013-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:53 - 2013-11-14 23:53 - 01159088 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnShellEx64.exe
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64.zip
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64(1).zip
2013-11-14 23:50 - 2013-11-14 23:51 - 27255484 _____ C:\Users\admin\Downloads\XnViewMP-win-x64.zip
2013-11-14 23:49 - 2013-11-14 23:51 - 22475336 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnViewMP-win-x64.exe
2013-11-14 23:47 - 2013-11-14 23:48 - 13829599 _____ C:\Users\admin\Downloads\XnConvert-win-x64.zip
2013-11-14 23:47 - 2013-11-14 23:48 - 12613187 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnConvert-win-x64.exe
2013-11-14 23:41 - 2013-12-04 01:53 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 23:41 - 2013-12-04 01:53 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 21:06 - 2013-11-13 21:16 - 188059736 _____ C:\Users\admin\Downloads\Update_NEX6V102.exe
2013-11-13 20:33 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 20:33 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-13 20:33 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-13 20:33 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-13 20:33 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 20:33 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-13 20:33 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-13 20:33 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-13 20:33 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 20:33 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 20:33 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-13 20:33 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-13 20:33 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-13 20:32 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 20:32 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:32 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 20:32 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:32 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:32 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:32 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:32 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:32 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:32 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:32 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-13 20:32 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-13 20:31 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:31 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

==================== One Month Modified Files and Folders =======

2013-12-12 16:35 - 2013-12-12 16:19 - 00025770 _____ C:\Users\admin\Downloads\FRST.txt
2013-12-12 16:32 - 2013-12-12 16:32 - 00000472 _____ C:\Users\admin\Downloads\defogger_disable.log
2013-12-12 16:32 - 2013-12-12 16:32 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-12-12 16:32 - 2013-12-12 16:31 - 00050477 _____ C:\Users\admin\Downloads\Defogger.exe
2013-12-12 16:32 - 2013-01-23 20:14 - 00000000 ____D C:\Users\admin
2013-12-12 16:20 - 2013-12-12 16:19 - 00052128 _____ C:\Users\admin\Downloads\FRST20131212.txt
2013-12-12 16:19 - 2013-12-12 16:19 - 01927106 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-12-12 16:14 - 2013-12-12 16:14 - 01226802 _____ C:\Users\admin\Downloads\adwcleaner(3).exe
2013-12-12 16:04 - 2013-12-12 13:36 - 00000000 ____D C:\Program Files (x86)\Nightly
2013-12-12 16:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-12 15:50 - 2012-08-28 17:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-12-12 15:50 - 2012-08-28 17:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-12-12 15:50 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 15:48 - 2013-03-08 23:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 15:47 - 2013-11-28 00:28 - 00001123 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2013-12-12 15:47 - 2013-11-28 00:27 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2013-12-12 15:47 - 2013-02-02 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\FreePDF_XP
2013-12-12 15:47 - 2013-01-23 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 15:45 - 2013-03-31 20:39 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-12-12 15:45 - 2013-03-31 20:19 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-12-12 15:45 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 15:44 - 2013-03-31 20:18 - 00029336 _____ C:\Windows\system32\wpbbin.exe
2013-12-12 15:44 - 2013-03-31 20:18 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-12-12 15:44 - 2013-03-31 20:18 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2013-12-12 14:26 - 2013-11-03 00:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\ClassicShell
2013-12-12 14:26 - 2013-08-22 20:22 - 01558003 _____ C:\Windows\WindowsUpdate.log
2013-12-12 14:06 - 2013-10-10 19:39 - 00065536 ___SH C:\Users\admin\Desktop\Thumbs.db
2013-12-12 14:04 - 2013-10-03 20:33 - 00007102 _____ C:\Windows\PFRO.log
2013-12-12 13:27 - 2013-11-03 00:22 - 00000000 ____D C:\Users\admin\AppData\Local\Sidebar7
2013-12-12 13:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-12 13:07 - 2013-08-23 17:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-12-12 13:05 - 2013-12-12 13:03 - 21397296 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe
2013-12-12 13:02 - 2013-12-12 13:00 - 21928088 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe
2013-12-12 12:34 - 2013-03-31 20:39 - 00069792 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2013-12-12 12:29 - 2013-12-12 12:28 - 00343248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 12:28 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-12 12:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-12 12:00 - 2013-08-23 17:48 - 00000000 ____D C:\Program Files\Personal Backup 5
2013-12-12 11:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-11 21:22 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-10 22:38 - 2013-02-27 21:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\KeePass
2013-12-10 21:56 - 2013-12-10 21:56 - 02520814 _____ (Dominik Reichl                                              ) C:\Users\admin\Downloads\KeePass-2.24-Setup.exe
2013-12-10 21:51 - 2013-11-21 23:01 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-10 21:48 - 2013-03-08 23:19 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:47 - 2013-11-28 00:27 - 00001093 _____ C:\Users\Public\Desktop\Nightly.lnk
2013-12-10 21:45 - 2013-12-10 21:43 - 29704568 _____ (Mozilla) C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe
2013-12-10 20:18 - 2013-10-14 14:36 - 00000889 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk
2013-12-10 11:51 - 2013-08-23 17:52 - 00000000 ____D C:\Users\admin\Documents\PersBackup
2013-12-04 01:53 - 2013-11-14 23:41 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2013-11-14 23:41 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 00:40 - 2013-12-02 00:14 - 00003464 _____ C:\Users\admin\Documents\sonya7.txt
2013-12-02 00:05 - 2013-01-23 22:03 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2013-12-01 19:00 - 2013-02-02 12:30 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-12-01 18:39 - 2013-01-26 11:13 - 00000000 ____D C:\ProgramData\VMware
2013-12-01 18:37 - 2013-01-26 11:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware
2013-11-29 23:18 - 2013-11-29 23:18 - 02762264 _____ (Sony Corporation) C:\Users\admin\Downloads\PMHOME_3021DL.exe
2013-11-29 21:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-27 23:09 - 2013-11-15 19:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\XnViewMP
2013-11-27 22:15 - 2013-11-27 22:15 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-11-27 22:14 - 2013-11-27 22:14 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49(1).exe
2013-11-23 11:07 - 2013-11-23 10:32 - 381421623 _____ C:\Users\admin\Downloads\kav_rescue_10.iso
2013-11-23 11:03 - 2013-11-23 10:31 - 513658880 _____ C:\Users\admin\Downloads\bitdefender-rescue-cd.iso
2013-11-23 10:54 - 2013-11-23 10:54 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-23 10:29 - 2013-11-23 10:28 - 15507456 _____ C:\Users\admin\Downloads\dban-2.2.8_i586.iso
2013-11-23 10:21 - 2013-11-23 10:21 - 01225161 _____ (pendrivelinux.com) C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe
2013-11-23 07:43 - 2013-12-11 21:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 06:05 - 2013-12-11 21:01 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 01:03 - 2013-11-23 01:03 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 23:36 - 2013-01-23 20:20 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3276366552-786151760-3577432824-1001
2013-11-21 23:18 - 2013-11-21 23:18 - 00007812 _____ C:\Users\admin\Documents\2013-antjeabschied.wlmp
2013-11-21 23:01 - 2013-06-25 21:16 - 00000000 ____D C:\Users\admin\AppData\Local\Windows Live
2013-11-21 22:49 - 2013-11-21 22:49 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-21 22:49 - 2013-11-21 22:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\pdfforge
2013-11-21 22:49 - 2013-05-12 22:37 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-21 22:43 - 2013-11-21 22:43 - 17810632 _____ (pdfforge GmbH) C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe
2013-11-17 22:48 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 22:47 - 2013-11-17 22:47 - 05368984 _____ C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 00001808 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files\Canon
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-17 00:40 - 2013-07-12 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-11-16 22:43 - 2013-08-23 21:52 - 00001021 _____ C:\Users\admin\Documents\dependednd.txt
2013-11-16 19:08 - 2013-11-16 19:08 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49.exe
2013-11-15 19:21 - 2013-11-15 19:18 - 00000000 ____D C:\Program Files\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:18 - 00001614 _____ C:\Users\admin\Desktop\XnViewMP.lnk
2013-11-15 19:02 - 2013-11-15 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:53 - 2013-11-14 23:53 - 01159088 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnShellEx64.exe
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64.zip
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64(1).zip
2013-11-14 23:51 - 2013-11-14 23:50 - 27255484 _____ C:\Users\admin\Downloads\XnViewMP-win-x64.zip
2013-11-14 23:51 - 2013-11-14 23:49 - 22475336 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnViewMP-win-x64.exe
2013-11-14 23:48 - 2013-11-14 23:47 - 13829599 _____ C:\Users\admin\Downloads\XnConvert-win-x64.zip
2013-11-14 23:48 - 2013-11-14 23:47 - 12613187 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnConvert-win-x64.exe
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-13 21:16 - 2013-11-13 21:06 - 188059736 _____ C:\Users\admin\Downloads\Update_NEX6V102.exe
2013-11-13 20:49 - 2013-08-14 16:19 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 20:46 - 2013-01-23 21:20 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\ANT1CB8.exe
C:\Users\admin\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\admin\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 12:15

==================== End Of Log ============================
         
--- --- ---


GMER is 750 kB, is that really necessary?

Alt 12.12.2013, 22:08   #2
schrauber
/// the machine
/// TB instructor
 




hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it is working.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________

__________________

Alt 13.12.2013, 22:14   #3
7hine
 



Hi schrauber,
first of all, many thanks for the quick response.
I clumsily put the requested file in a reply to my own post.
I hope that is OK?

Process Explorer shows me a very suspicious file:
HOSTS Anti-PUPs/Adwares
ver 0.3.0
Fri Dec 23 11:59:31 2011
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Windows\SysWOW64\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HOSTS Anti-Adware_PUPs

If it is that old, why is it not detected?

Then there is also fixcamera, which uses a few % of CPU.

In addition, there is still an unknown user hanging around there. The permissions can only be seen when the above anti-adware is suspended.
But downloads still do not work in FF then.

I have now disabled both programs via msconfig.
In the process viewer, however, I no longer have a permissions button;
at least the FF update works now.
__________________

Edited by 7hine (13.12.2013 at 19:35). Reason: full quote, typos

Alt 14.12.2013, 07:55   #4
schrauber
/// the machine
/// TB instructor
 




Quote:
I clumsily put the requested file in a reply to my own post.
I hope that is OK?
I don't understand a thing.

Where is the Combofix log file?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 14.12.2013, 12:01   #5
7hine
 



Status:
It seems to be the "HOST AntiPUP".
On VirusTotal only 12 of 47 scanners detect it.
But it is clearly malicious.
When host antiPUP is not running, the process viewer shows no permissions button.
Instead of the user known only as S1-5-..., the admin group is shown.
ACDeamon and the Zemana Antikeylogger installer exit with 0xC0000022.
The Windows troubleshooter determines that the keyboard is not OK, but cannot install a new driver.
The update to FF26 worked; since then downloads work again too.
If FF asks for the password for saved passwords, it hangs when you cancel this.
If the Flash plugin is disabled, FF works normally.
sfc aborts, dism finds 5 warnings.

I am stuck now. Help would be very welcome.

Quote:
Quote from schrauber
I don't understand a thing.

Where is the Combofix log file?
That is a good question. I had posted it, but as a reply to my own posting.
Now that post is missing.

This is the current combo.fix run:
Code:
ATTFilter
ComboFix 13-12-12.03 - admin 13.12.2013  22:58:14.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.16199.14173 [GMT 1:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-13 bis 2013-12-13  ))))))))))))))))))))))))))))))
.
.
2013-12-13 22:07 . 2013-12-13 22:07	--------	d-----w-	c:\users\foto\AppData\Local\temp
2013-12-13 22:07 . 2013-12-13 22:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-13 21:55 . 2013-12-13 21:55	--------	d-----w-	c:\program files (x86)\Nightly
2013-12-13 21:32 . 2013-10-31 05:56	915968	----a-w-	c:\windows\system32\MPSSVC.dll
2013-12-13 21:32 . 2013-10-31 05:56	758784	----a-w-	c:\windows\system32\FirewallAPI.dll
2013-12-13 21:32 . 2013-10-31 04:01	550400	----a-w-	c:\windows\SysWow64\FirewallAPI.dll
2013-12-13 21:32 . 2013-10-31 03:42	74752	----a-w-	c:\windows\system32\drivers\mpsdrv.sys
2013-12-13 21:32 . 2013-10-28 05:50	588288	----a-w-	c:\windows\system32\SHCore.dll
2013-12-13 21:32 . 2013-10-28 04:05	452608	----a-w-	c:\windows\SysWow64\SHCore.dll
2013-12-13 21:32 . 2013-10-13 20:49	100696	----a-w-	c:\windows\system32\drivers\disk.sys
2013-12-13 21:32 . 2013-08-27 05:21	227840	----a-w-	c:\windows\system32\WebClnt.dll
2013-12-13 21:32 . 2013-08-27 05:19	104448	----a-w-	c:\windows\system32\davclnt.dll
2013-12-13 21:32 . 2013-08-26 22:29	199168	----a-w-	c:\windows\SysWow64\WebClnt.dll
2013-12-13 21:32 . 2013-08-26 22:28	86016	----a-w-	c:\windows\SysWow64\davclnt.dll
2013-12-13 21:27 . 2013-11-01 01:45	23350272	----a-w-	c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-13 21:27 . 2013-11-01 01:16	22615040	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-12 22:14 . 2013-12-12 22:14	254128	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10227.bin
2013-12-11 20:02 . 2013-10-19 05:45	62976	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-11 20:01 . 2013-10-10 09:24	143872	----a-w-	c:\windows\system32\wshom.ocx
2013-12-11 20:01 . 2013-10-10 09:22	222720	----a-w-	c:\windows\system32\scrobj.dll
2013-12-11 20:01 . 2013-10-10 09:22	194048	----a-w-	c:\windows\system32\scrrun.dll
2013-12-11 20:01 . 2013-10-10 09:32	115712	----a-w-	c:\windows\SysWow64\cscript.exe
2013-12-11 20:01 . 2013-10-10 09:30	162304	----a-w-	c:\windows\SysWow64\scrobj.dll
2013-12-11 20:01 . 2013-10-10 09:30	156160	----a-w-	c:\windows\SysWow64\scrrun.dll
2013-12-11 20:01 . 2013-10-10 09:23	146944	----a-w-	c:\windows\system32\cscript.exe
2013-12-11 20:01 . 2013-11-23 05:05	368640	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-12-11 20:01 . 2013-11-23 06:43	420864	----a-w-	c:\windows\system32\WMPhoto.dll
2013-12-11 20:01 . 2013-11-01 05:38	312320	----a-w-	c:\windows\system32\msieftp.dll
2013-12-11 20:01 . 2013-11-01 03:49	273408	----a-w-	c:\windows\SysWow64\msieftp.dll
2013-11-21 22:01 . 2013-12-10 20:51	--------	d-----w-	c:\programdata\ClassicShell
2013-11-21 21:49 . 2013-11-21 21:49	--------	d-----w-	c:\users\admin\AppData\Roaming\pdfforge
2013-11-21 21:49 . 2013-01-09 14:52	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2013-11-21 21:49 . 2012-05-05 10:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2013-11-21 21:49 . 2013-04-09 14:13	110264	----a-w-	c:\windows\system32\pdfcmon.dll
2013-11-21 21:49 . 2012-05-05 10:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2013-11-21 21:49 . 1998-07-06 17:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2013-11-21 21:49 . 1998-07-06 17:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2013-11-17 21:47 . 2013-11-17 21:47	--------	d-----w-	c:\program files (x86)\Canon
2013-11-17 21:47 . 2013-11-17 21:47	--------	d-----w-	c:\program files\Canon
2013-11-15 18:19 . 2013-11-27 22:09	--------	d-----w-	c:\users\admin\AppData\Roaming\XnViewMP
2013-11-15 18:18 . 2013-11-15 18:21	--------	d-----w-	c:\program files\XnViewMP
2013-11-14 22:41 . 2013-12-04 00:53	78304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 22:41 . 2013-12-04 00:53	694240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-13 21:36 . 2013-03-31 19:39	69792	----a-w-	c:\windows\SysWow64\rpcnet.dll
2013-12-13 21:36 . 2013-03-31 19:19	17408	----a-w-	c:\windows\SysWow64\rpcnetp.dll
2013-12-13 21:34 . 2013-03-31 19:18	17408	----a-w-	c:\windows\SysWow64\rpcnetp.exe
2013-12-13 21:34 . 2013-03-31 19:18	17408	----a-w-	c:\windows\system32\rpcnetp.exe
2013-12-13 21:34 . 2013-03-31 19:18	29336	----a-w-	c:\windows\system32\wpbbin.exe
2013-12-13 21:27 . 2013-01-23 20:20	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-13 19:01 . 2013-03-31 19:39	69792	------w-	c:\windows\SysWow64\rpcnet.exe
2013-11-02 13:00 . 2013-01-23 22:00	50784	----a-w-	c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-10-20 16:47 . 2013-10-20 16:47	329216	----a-w-	c:\windows\system32\StartMenuHelper64.dll
2013-10-20 16:46 . 2013-10-20 16:46	268288	----a-w-	c:\windows\SysWow64\StartMenuHelper32.dll
2013-10-15 10:41 . 2013-10-16 22:25	251664	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2013-10-15 10:38 . 2013-10-16 22:25	126736	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2013-10-15 10:38 . 2013-10-15 10:38	154896	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2013-10-15 10:38 . 2013-10-15 10:38	140560	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2013-10-15 10:35 . 2013-10-15 10:35	204048	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2013-10-10 11:53 . 2013-11-13 19:32	96600	----a-w-	c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-13 19:32	1160192	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-13 19:32	723968	----a-w-	c:\windows\system32\BFE.DLL
2013-10-02 23:25 . 2013-11-13 19:32	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-10-01 23:37 . 2013-11-13 19:32	1569280	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-01 23:37 . 2013-11-13 19:31	2035712	----a-w-	c:\windows\SysWow64\authui.dll
2013-10-01 23:26 . 2013-11-13 19:32	1890816	----a-w-	c:\windows\system32\crypt32.dll
2013-10-01 23:26 . 2013-11-13 19:31	2304512	----a-w-	c:\windows\system32\authui.dll
2013-10-01 22:22 . 2013-11-13 19:32	1022976	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-09-23 22:30 . 2013-11-13 19:32	419328	----a-w-	c:\windows\system32\schannel.dll
2013-09-23 22:30 . 2013-11-13 19:32	323072	----a-w-	c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-10-20 16:47	627712	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeyboardLeds.exe"="c:\program files (x86)\Keyboard LEDs\KeyboardLeds.exe" [2012-09-06 912896]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTVRC.exe" [2011-11-09 1844296]
"ProgLauncher"="c:\program files\ProgDVB\ProgLauncher.exe" [2013-05-15 569768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BakupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-07-30 533056]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-07-11 2995904]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-04-05 1960448]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"ChangeFilterMerit"="c:\program files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2007-06-08 51280]
"Presto! PVR Monitor"="c:\program files (x86)\NewSoft\Presto! PVR\Monitor.exe" [2010-08-30 157592]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-08-07 601928]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-09-29 302961]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Persbackup.lnk - c:\program files\Personal Backup 5\Persbackup.exe /auto [2013-12-10 8513536]
Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2013-11-3 1371648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe /startup [2010-1-13 389608]
PDFCreator.lnk - c:\program files (x86)\PDFCreator\PDFCreator.exe [2013-11-21 3174400]
RdClient.lnk - c:\windows\Installer\{776FC53A-170E-4401-A51C-7DB4AF1399D9}\_F1A59FBFCC1373360C7749.exe "%RdClientConfigFile%" [2013-3-2 85182]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-3-9 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\users\admin\AppData\Local\Temp\HWiNFO64A.SYS;c:\users\admin\AppData\Local\Temp\HWiNFO64A.SYS [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
R3 ALSysIO;ALSysIO;c:\users\admin\AppData\Local\Temp\ALSysIO64.sys;c:\users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 AX88179;ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88179_178a.sys;c:\windows\SYSNATIVE\DRIVERS\ax88179_178a.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 cpuz135;cpuz135;c:\users\admin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\admin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 iscFlash;iscFlash;c:\users\admin\AppData\Local\Temp\7zSA868.tmp\iscflashx64.sys;c:\users\admin\AppData\Local\Temp\7zSA868.tmp\iscflashx64.sys [x]
R3 IT9135BDA;CINERGY T Stick DUAL RC BDA Devices;c:\windows\System32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 libusbK;libusbK USB Driver 08/02/2012 - 3.0.5.16;c:\windows\System32\drivers\libusbK.sys;c:\windows\SYSNATIVE\drivers\libusbK.sys [x]
R3 RTL2832U_IRHID;Cinergy T Stick HID;c:\windows\System32\drivers\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\drivers\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;Cinergy T Stick RC BDA service;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;Cinergy T Stick RC USB service;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n-USB 2.0-Netzwerkadapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys;c:\windows\SYSNATIVE\Drivers\SIVX64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TDKLIB;TDKLIB;c:\users\admin\AppData\Local\Temp\7zS40D4.tmp\TdkLib64.sys;c:\users\admin\AppData\Local\Temp\7zS40D4.tmp\TdkLib64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 ndasfs;ndasfs;c:\windows\system32\DRIVERS\ndasfs.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfs.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00A\ccSetx64.sys [x]
S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 ndasfat;NDAS FAT File System Service;c:\windows\system32\DRIVERS\ndasfat.sys;c:\windows\SYSNATIVE\DRIVERS\ndasfat.sys [x]
S1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\DRIVERS\ndasrofs.sys;c:\windows\SYSNATIVE\DRIVERS\ndasrofs.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys;c:\windows\SYSNATIVE\DRIVERS\awealloc.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys;c:\windows\SYSNATIVE\DRIVERS\imdisk.sys [x]
S2 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe;c:\windows\SYSNATIVE\imdsksvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 ProgDVBService;ProgDVB Scheduler Service;c:\program files\ProgDVB\ProgDVBService.exe;c:\program files\ProgDVB\ProgDVBService.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 23:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-10-20 16:47	774144	----a-w-	c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"BtPreLoad"="c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe" [2012-11-09 64640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-05 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-05 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-05 441888]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: bleepingcomputer.com\download
TCP: DhcpNameServer = 10.51.23.11
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-19 13:31; requestpolicy@requestpolicy.com; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\extensions\requestpolicy@requestpolicy.com.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-12-13  23:19:42
ComboFix-quarantined-files.txt  2013-12-13 22:19
ComboFix2.txt  2013-12-12 22:57
.
Vor Suchlauf: 25 Verzeichnis(se), 320.156.475.392 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 320.100.474.880 Bytes frei
.
- - End Of File - - EDD9BFD6EB700455E73EE216CAB01349
         
Why do all my posts end up in one single post?
What am I doing wrong?


--------
I have now enabled Windows Defender and let it run a full scan.
On every scan it finds Virus:DOS/EICAR_Test_File.
I did not download it...
Why an error?
Why was NO malware found, if EICAR is harmless anyway?

Code:
Der folgende Fehler ist aufgetreten: Fehlercode: 0x80508023. 
Auf dem Computer wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden. 

Kategorie: Virus

Beschreibung: Dieses Programm ist gefährlich. Es repliziert sich, indem es andere Dateien infiziert.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente: 
file:C:\Windows\Temp\tmp000061ce\tmp00000001

Online weitere Informationen zu diesem Element abrufen
         
Die Ziffernfolge bei tmp000061ce ist jedes mal anders,
die Datei hat immer die länge 0
das Verzeichnis vom vorherigen lauf ist weg
das neue hat den Zeitpunkt des letzten findens.
ausser diesem findet er nichts. Obwohl die antipup-Datei immer noch da liegt .

Was ist denn das?
läuft da doch noch mehr auf meinem rechner und erzeugt diese Datei immer wieder neu und gaukelt einen EICAR vor ?

---------

The F8 key does not work either.
F2 and F12 work (BIOS, boot device), but I cannot finish booting from CD (ct surfix).
I can also switch the touchpad off/on with Fn+F7.

----


Edited by 7hine (14.12.2013 at 12:16)

14.12.2013, 16:38   #6
schrauber
/// the machine
/// TB-Ausbilder



Sorry, clearly too much text.

Short, quick sentences:

What is your problem with the computer? And please stop trying things yourself, otherwise my brain will turn to mush.

EICAR is a test virus, nothing more.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

15.12.2013, 00:34   #7
7hine



Quote from schrauber:
Sorry, clearly too much text.

Short, quick sentences:

What is your problem with the computer? And please stop trying things yourself, otherwise my brain will turn to mush.

EICAR is a test virus, nothing more.

The problem is:
Keyboard does not work (I am typing with the on-screen keyboard)
ACDaemon terminates with 0xc0000022
Zemana AntiLogger installation terminates with 0xc0000022
Windows Defender terminates after "finding" a non-existent(!) EICAR test file
Computer is painfully slow
16 GB of RAM used up
No downloads/updates with/of Firefox
Malwarebytes removed 2 trojan files (see first post)
A piece of malware, "HOST Anti/PUP", kept running; most scanners (incl. Malwarebytes etc.) do not detect it.

I disabled it via msconfig so that downloads worked again and the file permissions became visible again.




Code:
ATTFilter
# AdwCleaner v3.015 - Bericht erstellt am 14/12/2013 um 21:44:34
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : admin - DERDA
# Gestartet von : C:\Users\admin\Desktop\adwcleaner(4).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\anttoolbar@ant.com

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\ParetoLogic

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\prefs.js ]


[ Datei : C:\Users\foto\AppData\Roaming\Mozilla\Firefox\Profiles\omuc16am.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9465 octets] - [22/08/2013 18:31:02]
AdwCleaner[R1].txt - [1185 octets] - [29/09/2013 06:40:10]
AdwCleaner[R2].txt - [1701 octets] - [12/12/2013 18:33:54]
AdwCleaner[R3].txt - [2285 octets] - [14/12/2013 21:14:13]
AdwCleaner[S0].txt - [9326 octets] - [22/08/2013 18:32:47]
AdwCleaner[S1].txt - [2046 octets] - [14/12/2013 21:44:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2106 octets] ##########
         
JRT.TXT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by admin on 14.12.2013 at 21:49:17,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3276366552-786151760-3577432824-1001\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\uih27yzg.default\extensions\staged
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\uih27yzg.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.12.2013 at 21:57:33,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by admin (administrator) on DERDA on 14-12-2013 23:49:54
Running from C:\Users\admin\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\ProgDVB\ProgDvbService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(KARPOLAN) C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndasmgmt.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(pdfforge  GmbH) C:\Program Files (x86)\PDFCreator\PDFCreator.exe
(Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(NewSoft) C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Windows\vsnpstd3.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Crystal Dew World) C:\Users\admin\Documents\CrystalDiskInfo5_4_2x64\DiskInfoX64.exe
(Mozilla Corporation) C:\Program Files (x86)\Nightly\firefox.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Farbar) C:\Users\admin\Desktop\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\osk.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872208 2013-02-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [KeyboardLeds.exe] - C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [ProgLauncher] - C:\Program Files\ProgDVB\ProgLauncher.exe [569768 2013-05-15] ()
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [ChangeFilterMerit] - C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe [51280 2007-06-08] (NewSoft)
HKLM-x32\...\Run: [Presto! PVR Monitor] - C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [157592 2010-08-30] (NewSoft)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-09-29] ()
HKLM-x32\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] ()
HKLM-x32\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] ()
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-07-20] (Acer Incorporated)
HKU\foto\...\Run: [KeyboardLeds.exe] - C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {7D3B1BA1-E7EA-4033-8CBE-1CD5522AEC2E} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll ()
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWOW64\WowCtl2.dll (EzTools Software)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.51.23.11

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\100-search-engines.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\amazonde-german.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\amazonde-wh.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\audiblecouk.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\frankfurt-kurse.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\googletranslate.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\pdf-ebook-searches.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\read-books-online.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\webster.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\searchplugins\wikipedia-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireHbbTV - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\dlfr-firetv-plugin@atosorigin.com
FF Extension: Amazon Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\FFAmazonShoppingToolbar@wangtom.com
FF Extension: HTTPS-Everywhere - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\https-everywhere@eff.org
FF Extension: Perspectives - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\perspectives@cmu.edu
FF Extension: Flashblock - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: QuickWiki - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}
FF Extension: CertPatrol - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\CertPatrol@PSYC.EU.xpi
FF Extension: pwgen - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\pwgen@alouche.net.xpi
FF Extension: requestpolicy - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\requestpolicy@requestpolicy.com.xpi
FF Extension: uriloader - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\uriloader@pdf.js.xpi
FF Extension: defaults - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
FF Extension: noscript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: prefs - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uih27yzg.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2013-02-05] (ELAN Microelectronics Corp.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-24] (Bitdefender)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-09-29] ()
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2013-06-13] (Olof Lagerkvist)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-05] (Intel Corporation)
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [331752 2010-01-13] (XIMETA, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProgDVBService; C:\Program Files\ProgDVB\ProgDVBService.exe [60840 2013-05-15] ()
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [30624 2013-01-28] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-06-11] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-06-11] (BitDefender)
R2 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [17488 2013-06-13] (Olof Lagerkvist)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70656 2013-01-25] (ASIX Electronics Corp.)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-10-06] (Bitdefender SRL)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-06-11] (BitDefender LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39520 2013-06-13] (Olof Lagerkvist)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [172640 2013-03-07] (ITE                      )
R0 lfsfilt; C:\Windows\System32\DRIVERS\lfsfilt.sys [738792 2010-01-13] (XIMETA, Inc.)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2013-03-19] (hxxp://libusb-win32.sourceforge.net)
R0 lpx; C:\Windows\System32\DRIVERS\lpx6x.sys [151528 2010-01-13] (XIMETA, Inc.)
R3 ndasbus; C:\Windows\System32\drivers\ndasbus.sys [497640 2010-01-13] (XIMETA, Inc.)
R1 ndasfat; C:\Windows\System32\DRIVERS\ndasfat.sys [607720 2010-01-13] (Windows (R) Codename Longhorn DDK provider)
R0 ndasfs; C:\Windows\System32\DRIVERS\ndasfs.sys [746472 2010-01-13] (XIMETA, Inc.)
R1 ndasrofs; C:\Windows\System32\DRIVERS\ndasrofs.sys [1053160 2010-01-13] (XIMETA, Inc.)
S3 ndasscsi; C:\Windows\System32\drivers\ndasscsi.sys [486888 2010-01-13] (XIMETA, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
S3 RTL2832UBDA; C:\Windows\SysWow64\drivers\RTL2832UBDA.sys [174368 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWow64\Drivers\RTL2832UUSB.sys [38944 2010-01-22] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWow64\drivers\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1051752 2012-06-02] (Realtek Semiconductor Corporation                           )
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [130960 2013-02-03] (Ray Hinchliffe)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-22] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\admin\AppData\Local\Temp\ALSysIO64.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2013-06-11] (BitDefender)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Users\admin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S1 HWiNFO32; \??\C:\Users\admin\AppData\Local\Temp\HWiNFO64A.SYS [x]
S3 iscFlash; \??\C:\Users\admin\AppData\Local\Temp\7zSA868.tmp\iscflashx64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
S3 TDKLIB; \??\C:\Users\admin\AppData\Local\Temp\7zS40D4.tmp\TdkLib64.sys [x]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [x]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 23:48 - 2013-12-14 23:48 - 01927796 _____ (Farbar) C:\Users\admin\Desktop\FRST64(1).exe
2013-12-14 23:40 - 2013-12-14 23:40 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2013-12-14 23:35 - 2013-12-14 23:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1008.exe
2013-12-14 23:28 - 2013-12-14 23:29 - 02804572 _____ C:\Users\admin\Downloads\tweaking.com_windows_repair_aio.zip
2013-12-14 23:13 - 2013-12-14 23:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-14 23:00 - 2013-12-14 23:00 - 00003670 _____ C:\Users\admin\Documents\TROJ3.txt
2013-12-14 21:57 - 2013-12-14 21:57 - 00001403 _____ C:\Users\admin\Desktop\JRT.txt
2013-12-14 21:49 - 2013-12-14 21:49 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 20:08 - 2013-12-14 20:08 - 01034531 _____ (Thisisu) C:\Users\admin\Desktop\JRT(2).exe
2013-12-14 20:07 - 2013-12-14 20:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\admin\Desktop\mbam-setup-1.75.0.1300(3).exe
2013-12-14 20:07 - 2013-12-14 20:07 - 01226802 _____ C:\Users\admin\Desktop\adwcleaner(4).exe
2013-12-14 15:50 - 2013-12-14 15:50 - 00000000 ____D C:\Program Files (x86)\Nightly
2013-12-14 08:47 - 2013-12-14 08:47 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2013-12-14 01:08 - 2013-12-14 01:08 - 00001194 _____ C:\Users\admin\Desktop\RegCure Pro.lnk
2013-12-14 00:58 - 2013-12-14 00:58 - 04099344 _____ (PC Cleaners) C:\Users\admin\Downloads\pc-cleaner.exe
2013-12-14 00:57 - 2013-12-14 00:57 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\admin\Downloads\Repair-tool.exe
2013-12-13 23:19 - 2013-12-13 23:19 - 00031944 _____ C:\ComboFix.txt
2013-12-13 22:55 - 2013-12-14 21:37 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2013-12-13 22:32 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-12-13 22:32 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2013-12-13 22:32 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-12-13 22:32 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2013-12-13 22:32 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2013-12-13 22:32 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2013-12-13 22:32 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2013-12-13 22:32 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-13 22:32 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-13 22:32 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-13 22:32 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-13 22:25 - 2013-12-13 22:25 - 01060575 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-12-13 22:21 - 2013-12-13 22:21 - 01927462 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-12-13 22:05 - 2013-12-13 22:15 - 00000000 ____D C:\Users\admin\Desktop\FirefoxPortable
2013-12-13 22:01 - 2013-12-11 21:03 - 26185296 _____ (PortableApps.com) C:\Users\admin\Desktop\FirefoxPortable_26.0_German.paf.exe
2013-12-13 21:53 - 2013-12-13 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 20:38 - 2013-12-13 23:28 - 00000000 ____D C:\Users\admin\Desktop\CBS
2013-12-13 19:55 - 2013-12-13 19:55 - 00000052 _____ C:\Users\admin\Desktop\suspended23.txt
2013-12-13 19:14 - 2013-12-13 19:14 - 00000052 _____ C:\Users\admin\Desktop\suspended2.txt
2013-12-13 19:12 - 2013-12-13 19:12 - 00000052 _____ C:\Users\admin\Desktop\suspended.txt
2013-12-13 18:22 - 2013-12-14 13:13 - 00000000 ____D C:\Users\admin\Desktop\ProcessExplorer
2013-12-13 18:18 - 2013-12-13 18:20 - 00000000 ____D C:\Users\admin\Desktop\ProcessExplorerpuz
2013-12-13 18:17 - 2013-08-01 23:09 - 01191834 _____ C:\Users\admin\Desktop\ProcessExplorer.zip
2013-12-13 18:12 - 2013-12-13 18:12 - 00005965 _____ C:\Users\admin\Desktop\SystemExplorerPortable_450.zip.2
2013-12-13 18:10 - 2013-12-13 18:10 - 00005965 _____ C:\Users\admin\Desktop\SystemExplorerPortable_450.zip.1
2013-12-13 18:08 - 2013-12-13 18:08 - 00005965 _____ C:\Users\admin\Desktop\SystemExplorerPortable_450.zip
2013-12-12 23:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-12 23:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-12 23:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-12 23:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-12 23:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-12 23:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-12 23:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-12 23:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-12 23:28 - 2013-12-13 23:20 - 00000000 ____D C:\Qoobox
2013-12-12 23:28 - 2013-12-12 23:52 - 00000000 ____D C:\Windows\erdnt
2013-12-12 23:27 - 2013-12-12 17:49 - 05154763 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-12-12 20:48 - 2013-12-12 20:48 - 00006417 _____ C:\Users\admin\Downloads\TRO2.txt
2013-12-12 18:55 - 2013-12-12 18:55 - 00733521 _____ C:\Users\admin\Downloads\trogmer20131212.log
2013-12-12 17:23 - 2013-12-12 17:23 - 00377856 _____ C:\Users\admin\Downloads\gmer_2.1.19163.exe
2013-12-12 17:02 - 2013-12-12 20:48 - 00006478 _____ C:\Users\admin\Desktop\tro.txt
2013-12-12 16:37 - 2013-12-14 23:50 - 00024832 _____ C:\Users\admin\Desktop\FRST.txt
2013-12-12 16:32 - 2013-12-12 16:32 - 00000472 _____ C:\Users\admin\Downloads\defogger_disable.log
2013-12-12 16:32 - 2013-12-12 16:32 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-12-12 16:31 - 2013-12-12 16:32 - 00050477 _____ C:\Users\admin\Downloads\Defogger.exe
2013-12-12 16:19 - 2013-12-12 16:35 - 00052989 _____ C:\Users\admin\Downloads\FRST.txt
2013-12-12 16:19 - 2013-12-12 16:20 - 00052128 _____ C:\Users\admin\Downloads\FRST20131212.txt
2013-12-12 16:19 - 2013-12-12 16:19 - 01927106 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2013-12-12 16:14 - 2013-12-12 16:14 - 01226802 _____ C:\Users\admin\Downloads\adwcleaner(3).exe
2013-12-12 13:03 - 2013-12-12 13:05 - 21397296 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe
2013-12-12 13:00 - 2013-12-12 13:02 - 21928088 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe
2013-12-12 12:28 - 2013-12-12 12:29 - 00343248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 21:03 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-11 21:03 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 21:03 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 21:03 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 21:03 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 21:03 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 21:03 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 21:03 - 2013-10-25 05:44 - 01140736 _____ C:\Windows\SysWOW64\urlmon.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-11 21:03 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 21:02 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 21:02 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 21:02 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 21:02 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-11 21:02 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-11 21:02 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-11 21:02 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-11 21:02 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-11 21:02 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-11 21:02 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-11 21:02 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-11 21:02 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-11 21:02 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-11 21:02 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-11 21:02 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 21:02 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 21:02 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-11 21:02 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-11 21:02 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-11 21:02 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-11 21:01 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 21:01 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 21:01 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 21:01 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 21:01 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 21:01 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-11 21:01 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 21:01 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 21:01 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 21:01 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-11 21:01 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 21:56 - 2013-12-10 21:56 - 02520814 _____ (Dominik Reichl                                              ) C:\Users\admin\Downloads\KeePass-2.24-Setup.exe
2013-12-10 21:43 - 2013-12-10 21:45 - 29704568 _____ (Mozilla) C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe
2013-12-02 00:14 - 2013-12-02 00:40 - 00003464 _____ C:\Users\admin\Documents\sonya7.txt
2013-11-29 23:18 - 2013-11-29 23:18 - 02762264 _____ (Sony Corporation) C:\Users\admin\Downloads\PMHOME_3021DL.exe
2013-11-28 00:28 - 2013-12-12 15:47 - 00001123 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2013-11-28 00:27 - 2013-12-10 21:47 - 00001093 _____ C:\Users\Public\Desktop\Nightly.lnk
2013-11-27 22:15 - 2013-11-27 22:15 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-11-27 22:14 - 2013-11-27 22:14 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49(1).exe
2013-11-23 10:54 - 2013-11-23 10:54 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-23 10:32 - 2013-11-23 11:07 - 381421623 _____ C:\Users\admin\Downloads\kav_rescue_10.iso
2013-11-23 10:31 - 2013-11-23 11:03 - 513658880 _____ C:\Users\admin\Downloads\bitdefender-rescue-cd.iso
2013-11-23 10:28 - 2013-11-23 10:29 - 15507456 _____ C:\Users\admin\Downloads\dban-2.2.8_i586.iso
2013-11-23 10:21 - 2013-11-23 10:21 - 01225161 _____ (pendrivelinux.com) C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe
2013-11-23 01:03 - 2013-11-23 01:03 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 23:18 - 2013-11-21 23:18 - 00007812 _____ C:\Users\admin\Documents\2013-antjeabschied.wlmp
2013-11-21 23:01 - 2013-12-10 21:51 - 00000000 ____D C:\ProgramData\ClassicShell
2013-11-21 22:49 - 2013-11-21 22:49 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-21 22:49 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-11-21 22:49 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-11-21 22:49 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-11-21 22:49 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-11-21 22:49 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-11-21 22:49 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-11-21 22:43 - 2013-11-21 22:43 - 17810632 _____ (pdfforge GmbH) C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 05368984 _____ C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 00001808 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files\Canon
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-16 19:08 - 2013-11-16 19:08 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49.exe
2013-11-15 19:19 - 2013-11-27 23:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:21 - 00000000 ____D C:\Program Files\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:18 - 00001614 _____ C:\Users\admin\Desktop\XnViewMP.lnk
2013-11-14 23:53 - 2013-11-14 23:53 - 01159088 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnShellEx64.exe
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64.zip
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64(1).zip
2013-11-14 23:50 - 2013-11-14 23:51 - 27255484 _____ C:\Users\admin\Downloads\XnViewMP-win-x64.zip
2013-11-14 23:49 - 2013-11-14 23:51 - 22475336 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnViewMP-win-x64.exe
2013-11-14 23:47 - 2013-11-14 23:48 - 13829599 _____ C:\Users\admin\Downloads\XnConvert-win-x64.zip
2013-11-14 23:47 - 2013-11-14 23:48 - 12613187 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnConvert-win-x64.exe
2013-11-14 23:41 - 2013-12-04 01:53 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 23:41 - 2013-12-04 01:53 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

2013-12-14 23:50 - 2013-12-12 16:37 - 00024832 _____ C:\Users\admin\Desktop\FRST.txt
2013-12-14 23:48 - 2013-12-14 23:48 - 01927796 _____ (Farbar) C:\Users\admin\Desktop\FRST64(1).exe
2013-12-14 23:48 - 2013-03-08 23:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 23:40 - 2013-12-14 23:40 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2013-12-14 23:35 - 2013-12-14 23:35 - 12582688 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1008.exe
2013-12-14 23:32 - 2013-08-22 20:22 - 01096005 _____ C:\Windows\WindowsUpdate.log
2013-12-14 23:29 - 2013-12-14 23:28 - 02804572 _____ C:\Users\admin\Downloads\tweaking.com_windows_repair_aio.zip
2013-12-14 23:13 - 2013-12-14 23:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-12-14 23:13 - 2013-02-02 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\FreePDF_XP
2013-12-14 23:12 - 2013-10-10 19:39 - 00065536 ___SH C:\Users\admin\Desktop\Thumbs.db
2013-12-14 23:12 - 2013-03-31 20:39 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-12-14 23:12 - 2013-03-31 20:19 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-12-14 23:11 - 2013-03-31 20:18 - 00029336 _____ C:\Windows\system32\wpbbin.exe
2013-12-14 23:11 - 2013-03-31 20:18 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-12-14 23:11 - 2013-03-31 20:18 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2013-12-14 23:11 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 23:10 - 2013-11-03 00:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\ClassicShell
2013-12-14 23:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-14 23:00 - 2013-12-14 23:00 - 00003670 _____ C:\Users\admin\Documents\TROJ3.txt
2013-12-14 22:12 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-14 21:57 - 2013-12-14 21:57 - 00001403 _____ C:\Users\admin\Desktop\JRT.txt
2013-12-14 21:49 - 2013-12-14 21:49 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 21:45 - 2013-10-03 20:33 - 00009422 _____ C:\Windows\PFRO.log
2013-12-14 21:45 - 2013-01-23 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-14 21:44 - 2013-08-22 18:30 - 00000000 ____D C:\AdwCleaner
2013-12-14 21:37 - 2013-12-13 22:55 - 00000000 ____D C:\Program Files (x86)\Nightly.bak
2013-12-14 20:13 - 2013-11-01 21:33 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-14 20:13 - 2013-08-22 18:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-14 20:08 - 2013-12-14 20:08 - 01034531 _____ (Thisisu) C:\Users\admin\Desktop\JRT(2).exe
2013-12-14 20:07 - 2013-12-14 20:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\admin\Desktop\mbam-setup-1.75.0.1300(3).exe
2013-12-14 20:07 - 2013-12-14 20:07 - 01226802 _____ C:\Users\admin\Desktop\adwcleaner(4).exe
2013-12-14 15:50 - 2013-12-14 15:50 - 00000000 ____D C:\Program Files (x86)\Nightly
2013-12-14 13:13 - 2013-12-13 18:22 - 00000000 ____D C:\Users\admin\Desktop\ProcessExplorer
2013-12-14 08:47 - 2013-12-14 08:47 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2013-12-14 01:13 - 2013-01-23 22:03 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2013-12-14 01:08 - 2013-12-14 01:08 - 00001194 _____ C:\Users\admin\Desktop\RegCure Pro.lnk
2013-12-14 00:58 - 2013-12-14 00:58 - 04099344 _____ (PC Cleaners) C:\Users\admin\Downloads\pc-cleaner.exe
2013-12-14 00:57 - 2013-12-14 00:57 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\admin\Downloads\Repair-tool.exe
2013-12-13 23:30 - 2012-08-28 17:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-12-13 23:30 - 2012-08-28 17:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-12-13 23:30 - 2012-07-26 08:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 23:28 - 2013-12-13 20:38 - 00000000 ____D C:\Users\admin\Desktop\CBS
2013-12-13 23:20 - 2013-12-12 23:28 - 00000000 ____D C:\Qoobox
2013-12-13 23:19 - 2013-12-13 23:19 - 00031944 _____ C:\ComboFix.txt
2013-12-13 23:07 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-12-13 22:36 - 2013-08-23 20:34 - 00522539 _____ C:\Windows\setupact.log
2013-12-13 22:34 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-13 22:29 - 2013-08-14 16:19 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 22:27 - 2013-01-23 21:20 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 22:25 - 2013-12-13 22:25 - 01060575 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-12-13 22:23 - 2013-01-23 21:45 - 00000000 ____D C:\Users\admin\AppData\Roaming\Mozilla
2013-12-13 22:21 - 2013-12-13 22:21 - 01927462 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-12-13 22:15 - 2013-12-13 22:05 - 00000000 ____D C:\Users\admin\Desktop\FirefoxPortable
2013-12-13 21:53 - 2013-12-13 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 20:01 - 2013-03-31 20:39 - 00069792 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
2013-12-13 19:55 - 2013-12-13 19:55 - 00000052 _____ C:\Users\admin\Desktop\suspended23.txt
2013-12-13 19:14 - 2013-12-13 19:14 - 00000052 _____ C:\Users\admin\Desktop\suspended2.txt
2013-12-13 19:12 - 2013-12-13 19:12 - 00000052 _____ C:\Users\admin\Desktop\suspended.txt
2013-12-13 18:20 - 2013-12-13 18:18 - 00000000 ____D C:\Users\admin\Desktop\ProcessExplorerpuz
2013-12-13 18:12 - 2013-12-13 18:12 - 00005965 _____ C:\Users\admin\Desktop\SystemExplorerPortable_450.zip.2
2013-12-13 18:10 - 2013-12-13 18:10 - 00005965 _____ C:\Users\admin\Desktop\SystemExplorerPortable_450.zip.1
2013-12-13 18:08 - 2013-12-13 18:08 - 00005965 _____ C:\Users\admin\Desktop\SystemExplorerPortable_450.zip
2013-12-12 23:52 - 2013-12-12 23:28 - 00000000 ____D C:\Windows\erdnt
2013-12-12 20:48 - 2013-12-12 20:48 - 00006417 _____ C:\Users\admin\Downloads\TRO2.txt
2013-12-12 20:48 - 2013-12-12 17:02 - 00006478 _____ C:\Users\admin\Desktop\tro.txt
2013-12-12 18:55 - 2013-12-12 18:55 - 00733521 _____ C:\Users\admin\Downloads\trogmer20131212.log
2013-12-12 17:49 - 2013-12-12 23:27 - 05154763 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-12-12 17:23 - 2013-12-12 17:23 - 00377856 _____ C:\Users\admin\Downloads\gmer_2.1.19163.exe
2013-12-12 16:35 - 2013-12-12 16:19 - 00052989 _____ C:\Users\admin\Downloads\FRST.txt
2013-12-12 16:32 - 2013-12-12 16:32 - 00000472 _____ C:\Users\admin\Downloads\defogger_disable.log
2013-12-12 16:32 - 2013-12-12 16:32 - 00000000 _____ C:\Users\admin\defogger_reenable
2013-12-12 16:32 - 2013-12-12 16:31 - 00050477 _____ C:\Users\admin\Downloads\Defogger.exe
2013-12-12 16:32 - 2013-01-23 20:14 - 00000000 ____D C:\Users\admin
2013-12-12 16:20 - 2013-12-12 16:19 - 00052128 _____ C:\Users\admin\Downloads\FRST20131212.txt
2013-12-12 16:19 - 2013-12-12 16:19 - 01927106 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2013-12-12 16:14 - 2013-12-12 16:14 - 01226802 _____ C:\Users\admin\Downloads\adwcleaner(3).exe
2013-12-12 15:47 - 2013-11-28 00:28 - 00001123 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2013-12-12 13:27 - 2013-11-03 00:22 - 00000000 ____D C:\Users\admin\AppData\Local\Sidebar7
2013-12-12 13:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-12 13:07 - 2013-08-23 17:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-12-12 13:05 - 2013-12-12 13:03 - 21397296 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe
2013-12-12 13:02 - 2013-12-12 13:00 - 21928088 _____ (Zemana Ltd.                                                                                                                                                                                                                                                                                                 ) C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe
2013-12-12 12:29 - 2013-12-12 12:28 - 00343248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 12:00 - 2013-08-23 17:48 - 00000000 ____D C:\Program Files\Personal Backup 5
2013-12-12 11:57 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-11 21:22 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-11 21:03 - 2013-12-13 22:01 - 26185296 _____ (PortableApps.com) C:\Users\admin\Desktop\FirefoxPortable_26.0_German.paf.exe
2013-12-10 22:38 - 2013-02-27 21:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\KeePass
2013-12-10 21:56 - 2013-12-10 21:56 - 02520814 _____ (Dominik Reichl                                              ) C:\Users\admin\Downloads\KeePass-2.24-Setup.exe
2013-12-10 21:51 - 2013-11-21 23:01 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-10 21:48 - 2013-03-08 23:19 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:47 - 2013-11-28 00:27 - 00001093 _____ C:\Users\Public\Desktop\Nightly.lnk
2013-12-10 21:45 - 2013-12-10 21:43 - 29704568 _____ (Mozilla) C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe
2013-12-10 20:18 - 2013-10-14 14:36 - 00000889 _____ C:\Users\Public\Desktop\Personal Backup 5.lnk
2013-12-10 11:51 - 2013-08-23 17:52 - 00000000 ____D C:\Users\admin\Documents\PersBackup
2013-12-04 01:53 - 2013-11-14 23:41 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2013-11-14 23:41 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 00:40 - 2013-12-02 00:14 - 00003464 _____ C:\Users\admin\Documents\sonya7.txt
2013-12-01 19:00 - 2013-02-02 12:30 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-12-01 18:39 - 2013-01-26 11:13 - 00000000 ____D C:\ProgramData\VMware
2013-12-01 18:37 - 2013-01-26 11:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware
2013-11-29 23:18 - 2013-11-29 23:18 - 02762264 _____ (Sony Corporation) C:\Users\admin\Downloads\PMHOME_3021DL.exe
2013-11-29 21:27 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-27 23:09 - 2013-11-15 19:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\XnViewMP
2013-11-27 22:15 - 2013-11-27 22:15 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-11-27 22:14 - 2013-11-27 22:14 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49(1).exe
2013-11-23 11:07 - 2013-11-23 10:32 - 381421623 _____ C:\Users\admin\Downloads\kav_rescue_10.iso
2013-11-23 11:03 - 2013-11-23 10:31 - 513658880 _____ C:\Users\admin\Downloads\bitdefender-rescue-cd.iso
2013-11-23 10:54 - 2013-11-23 10:54 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-11-23 10:29 - 2013-11-23 10:28 - 15507456 _____ C:\Users\admin\Downloads\dban-2.2.8_i586.iso
2013-11-23 10:21 - 2013-11-23 10:21 - 01225161 _____ (pendrivelinux.com) C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe
2013-11-23 07:43 - 2013-12-11 21:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 06:05 - 2013-12-11 21:01 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 01:03 - 2013-11-23 01:03 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-21 23:36 - 2013-01-23 20:20 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3276366552-786151760-3577432824-1001
2013-11-21 23:18 - 2013-11-21 23:18 - 00007812 _____ C:\Users\admin\Documents\2013-antjeabschied.wlmp
2013-11-21 23:01 - 2013-06-25 21:16 - 00000000 ____D C:\Users\admin\AppData\Local\Windows Live
2013-11-21 22:49 - 2013-11-21 22:49 - 00001035 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-11-21 22:49 - 2013-05-12 22:37 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-21 22:43 - 2013-11-21 22:43 - 17810632 _____ (pdfforge GmbH) C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe
2013-11-19 11:21 - 2013-03-08 21:05 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 22:48 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-17 22:47 - 2013-11-17 22:47 - 05368984 _____ C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe
2013-11-17 22:47 - 2013-11-17 22:47 - 00001808 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files\Canon
2013-11-17 22:47 - 2013-11-17 22:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-17 00:40 - 2013-07-12 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-11-16 22:43 - 2013-08-23 21:52 - 00001021 _____ C:\Users\admin\Documents\dependednd.txt
2013-11-16 19:08 - 2013-11-16 19:08 - 05614716 _____ C:\Users\admin\Downloads\FSViewerSetup49.exe
2013-11-15 19:21 - 2013-11-15 19:18 - 00000000 ____D C:\Program Files\XnViewMP
2013-11-15 19:18 - 2013-11-15 19:18 - 00001614 _____ C:\Users\admin\Desktop\XnViewMP.lnk
2013-11-14 23:53 - 2013-11-14 23:53 - 01159088 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnShellEx64.exe
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64.zip
2013-11-14 23:52 - 2013-11-14 23:52 - 17698833 _____ C:\Users\admin\Downloads\XnSketch-win-x64(1).zip
2013-11-14 23:51 - 2013-11-14 23:50 - 27255484 _____ C:\Users\admin\Downloads\XnViewMP-win-x64.zip
2013-11-14 23:51 - 2013-11-14 23:49 - 22475336 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnViewMP-win-x64.exe
2013-11-14 23:48 - 2013-11-14 23:47 - 13829599 _____ C:\Users\admin\Downloads\XnConvert-win-x64.zip
2013-11-14 23:48 - 2013-11-14 23:47 - 12613187 _____ (Gougelet Pierre-e                                           ) C:\Users\admin\Downloads\XnConvert-win-x64.exe
2013-11-14 23:35 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-14 23:34 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\procexp64.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 12:15

==================== End Of Log ============================
         
--- --- ---



Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2013 01
Ran by admin at 2013-12-14 23:50:27
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.1910)
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
8GadgetPack (x32 Version: 6.0.0)
Acer Backup Manager (x32 Version: 4.0.0.0053)
Acer Device Fast-lane (Version: 1.00.3003)
Acer Power Management (Version: 7.00.3003)
Acer Recovery Management (Version: 6.00.3006)
Acer System Information (x32 Version: 1.0.0)
AcerCloud (x32 Version: 2.01.3112)
AcerCloud Docs (x32 Version: 1.00.3103)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
AIDA64 Extreme Edition v2.80 (x32 Version: 2.80)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Amazon Kindle (HKCU)
ArcSoft TotalMedia 3.5 (x32 Version: 3.5.28.322)
Audacity 2.0.3 (x32 Version: 2.0.3)
AviSynth 2.5 (x32)
AVStoDVD 2.7.0 (x32 Version: 2.7.0)
AX88179_AX88178A Windows 8 Drivers (x32 Version: 1.0.0.0)
Backup Manager v4 (x32 Version: 4.0.0.0053)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bitdefender Antivirus Free Edition (Version: 1.0.21.1099)
BlueStacks App Player (x32 Version: 0.7.17.916)
BlueStacks Notification Center (x32 Version: 0.7.17.916)
Bonjour (Version: 2.0.4.0)
Broadcom Card Reader Driver Installer (Version: 15.4.4.2)
Cam to Scan Version 2 (x32)
Canon iP5200
Canon My Printer (x32 Version: 3.1.0)
CCleaner (Version: 4.04)
Cinergy T Stick Driver Installation (64 Bit) (x32 Version: 8.08.18.01)
Cinergy T Stick Dual RC Driver Installation (64 Bit) (x32 Version: 9.06.3.01)
Classic Shell (Version: 4.0.2)
Core Temp 1.0 RC4 (Version: 1.0)
CPUID CPU-Z 1.64.0
CPUID HWMonitor 1.21
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819)
D3DX10 (x32 Version: 15.4.2368.0902)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)
DVBViewer TERRATEC Edition (x32)
DVDInfoPro (x32)
ETDWare PS/2-X64 11.6.8.001_WHQL (Version: 11.6.8.001)
FastStone Image Viewer 4.9 (x32 Version: 4.9)
ffdshow x64 v1.3.4515 [2013-06-12] (Version: 1.3.4515.0)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Audio CD to MP3 Converter version 1.3.12.1228 (x32 Version: 1.3.12.1228)
Free HTML5 Video Player and Converter version 5.0.26.622 (x32 Version: 5.0.26.622)
Free Video Dub version 2.0.19.622 (x32 Version: 2.0.19.622)
FreeCommander 2009.02b (x32 Version: 2009.02)
FreePDF (Remove only) (x32)
GIMP 2.8.2 (Version: 2.8.2)
Git version 1.8.4-preview20130916 (x32 Version: 1.8.4-preview20130916)
GnuWin32: Wget-1.11.4-1 (x32 Version: 1.11.4-1)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
GPL Ghostscript (Version: 9.10)
Haali Media Splitter (x32)
HD Tune 2.55 (x32)
Hugin 2012.0.0 (x32 Version: 2012.0.0 hg_a6e4184ad538)
Identity Card (x32 Version: 2.00.3002)
Image Data Converter (x32 Version: 4.0.01.09151)
ImDisk Virtual Disk Driver
ImgBurn (x32 Version: 2.5.8.0)
Inkscape 0.48.4 (x32 Version: 0.48.4)
inSSIDer (x32 Version: 2.1.6)
inSSIDer 3 (x32 Version: 3.0.6.42)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IrfanView (remove only) (x32 Version: 4.35)
Island Tribe (x32 Version: 2.2.0.98)
Java 7 Update 13 (64-bit) (Version: 7.0.130)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
K!TV (x32 Version: 2.3.0.1)
KeePass Password Safe 2.22 (x32)
Keyboard LEDs (x32 Version: 2.7)
Launch Manager (x32 Version: 7.0.4)
LAV Filters 0.53.2 (x32 Version: 0.53.2)
LibreOffice 4.0.0.3 (x32 Version: 4.0.0.3)
Live Updater (x32 Version: 2.00.3004)
Magic Academy (x32 Version: 2.2.0.98)
Makehuman (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 29.0a1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (x32 Version: 4.0.14.35)
MyWinLocker Suite (x32 Version: 4.0.14.24)
NDAS Software 3.72.2080 (Version: 3.72.2080)
Nightly 29.0a1 (x86 en-US) (x32 Version: 29.0a1)
Norton Online Backup (x32 Version: 2.2.3.45)
Norton Online Backup ARA (x32 Version: 4.1.0.10)
Notepad++ (x32 Version: 6.4.5)
NOXON DAB Player (x32 Version: 1.1.0)
NOXON DAB Stick (64 Bit) (x32 Version: 64.001.0521.2012)
Oracle VM VirtualBox 4.3.0 (Version: 4.3.0)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.1)
Penguins! (x32 Version: 2.2.0.98)
PerformanceTest v8.0 (Version: 8.0.1020.0)
Personal Backup 5.5 (Version: 5.3)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Picasa 3 (x32 Version: 3.9)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PMB (x32 Version: 5.8.00.09123)
Polar Bowler (x32 Version: 2.2.0.97)
Presto! PVR (x32 Version: 5.75.05)
ProgDVB x64 (Version: 6.9x)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.30)
RdClient (x32 Version: 1.0.8)
REALTEK DTV USB DEVICE (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)
RedMon - Redirection Port Monitor
RegCure Pro (x32 Version: 3.1.2.0)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
SketchUp 8 (x32 Version: 3.0.16944)
Skillstraining (x32)
SN9C120_112 (x32 Version: 5.18.1209.102)
Spotify (x32 Version: 0.8.4.99.ga249b5f1)
StreamTransport version: 1.0.2.2171 (x32)
Tales of Lagoona (x32 Version: 2.2.0.110)
TechPowerUp GPU-Z (x32)
TERRATEC CINERGY T Stick DUAL RC (64 Bit) (x32 Version: 9.06.3.01)
TERRATEC CINERGY T Stick DUAL RC Rev.2 (64 Bit) (x32 Version: 11.9.2.1)
TERRATEC Cinergy T Stick RC (64 Bit) (x32 Version: 64.1.1129.2011)
TerraTec Home Cinema (x32 Version: 6.25.6)
THC Codec Patch (x32 Version: 1.00.0000)
THC codec patch (x32 Version: 1.00.0000)
TortoiseGit 1.8.5.0 (64 bit) (Version: 1.8.5.0)
TreeSize Free V2.7 (x32 Version: 2.7)
TrueCrypt (x32 Version: 7.1a)
UFRaw 0.19.2 (x32)
Ultra Defragmenter (x32 Version: 6.0.0)
UltraISO Premium V9.32 (x32)
Update Installer for WildTangent Games App (x32)
USB PC Camera (SN9C102) (x32 Version: 4.7.7.0)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)
VLC media player 2.1.1 (x32 Version: 2.1.1)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.9.3)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows-Treiberpaket - TerraTec  (AF15BDA) Media  (05/18/2009 9.06.03.01) (Version: 05/18/2009 9.06.03.01)
Windows-Treiberpaket - TerraTec  (AF9035BDA) Media  (05/18/2009 8.08.18.01) (Version: 05/18/2009 8.08.18.01)
Windows-Treiberpaket - TERRATEC  (AF9035BDA) Media  (11/05/2009 9.6.3.1) (Version: 11/05/2009 9.6.3.1)
Windows-Treiberpaket - TERRATEC  (RTL2832U_IRHID) HIDClass  (12/15/2011 8664.003.0925.2009) (Version: 12/15/2011 8664.003.0925.2009)
Windows-Treiberpaket - TERRATEC  (RTL2832UUSB) MEDIA  (11/29/2011 64.001.1129.2011) (Version: 11/29/2011 64.001.1129.2011)
Windows-Treiberpaket - TERRATEC (AF15BDA) Media  (05/18/2009 9.06.03.01) (Version: 05/18/2009 9.06.03.01)
Windows-Treiberpaket - TERRATEC (IT9135BDA) Media  (09/02/2011 11.9.2.1) (Version: 09/02/2011 11.9.2.1)
Windows-Treiberpaket - TERRATEC (RTL2832UUSB) MEDIA  (05/21/2012 64.001.0521.2012) (Version: 05/21/2012 64.001.0521.2012)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
Wireshark 1.8.6 (64-bit) (x32 Version: 1.8.6)
XnViewMP 0.61 (Version: 0.61)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

20-11-2013 22:53:39 Geplanter Prüfpunkt
01-12-2013 19:23:54 Geplanter Prüfpunkt
10-12-2013 11:41:04 Geplanter Prüfpunkt
12-12-2013 22:29:12 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-12-12 23:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01984494-8848-4288-B3B8-C48264B88AFF} - System32\Tasks\CrystalDiskInfo => C:\Users\admin\Documents\CrystalDiskInfo5_4_2x64\DiskInfoX64.exe [2013-03-05] (Crystal Dew World)
Task: {0CD494AF-78C6-40F9-8C16-6C058D15EB58} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File
Task: {510BB3AF-AF29-406B-88A6-A9449670A4D1} - \BrowserDefendert No Task File
Task: {6F82D1D8-5D83-4DC7-BF67-60944488AF3C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {6FBBFD5D-9514-444B-BD86-CB24DF753824} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9F39D0D0-8203-4EBA-A623-3824CF0CCBB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D9F95F08-ACB2-4C7B-A33E-A73D0376FFD8} - \EPUpdater No Task File
Task: {DEEA7354-7334-4478-845F-EC754D684B9C} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {ECE21747-3A39-4818-99A8-5B245A368889} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {F6459C0E-44ED-43D3-8CC7-8BB90D0D6A0B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {F80F21BD-0FFA-41E4-8FF7-547A674C6F0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-24 16:24 - 2013-10-24 16:24 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2013-08-18 18:11 - 2013-08-18 18:11 - 00677016 _____ () C:\Program Files\TortoiseGit\bin\libgit2.dll
2013-08-18 18:11 - 2013-08-18 18:11 - 00087704 _____ () C:\Program Files\TortoiseGit\bin\zlib1.dll
2013-09-30 19:02 - 2013-09-16 11:15 - 00718377 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2012-08-10 04:20 - 2012-07-30 13:30 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-01-13 13:29 - 2010-01-13 13:29 - 00256512 _____ () C:\Program Files\NDAS\System\ndasmgmt.enu.dll
2012-11-09 16:06 - 2012-11-09 16:06 - 00384128 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ContactsApi.dll
2012-11-09 16:01 - 2012-11-09 16:01 - 00020992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-11-09 16:04 - 2012-11-09 16:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-07-31 00:04 - 2012-07-31 00:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2013-11-21 22:49 - 2013-02-14 11:29 - 11010048 _____ () C:\Program Files (x86)\PDFCreator\GS9.07\gs9.07\Bin\gsdll32.dll
2013-12-14 15:50 - 2013-12-14 15:50 - 03653744 _____ () C:\Program Files (x86)\Nightly\mozjs.dll
2012-08-28 07:45 - 2013-02-05 19:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\admin\Desktop\adwcleaner(4).exe:BDU
AlternateDataStreams: C:\Users\admin\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\admin\Desktop\FirefoxPortable_26.0_German.paf.exe:BDU
AlternateDataStreams: C:\Users\admin\Desktop\FRST64(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\admin\Desktop\JRT(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Desktop\mbam-setup-1.75.0.1300(3).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\adwcleaner(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\adwcleaner(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\adwcleaner(3).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\adwcleaner_3.0.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\audacity-win-2.0.3(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\audacity-win-2.0.3.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\AVStoDVD_270_Install.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ccsetup404(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ccsetup404.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CINERGY_T_Stick_DUAL_RC_Driver_Setup_9.06.3.01_Vista_7_8_64Bit(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CINERGY_T_Stick_DUAL_RC_Driver_Setup_9.06.3.01_XP_Vista_7_8_32Bit(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CINERGY_T_Stick_DUAL_RC_Rev.2_Driver_Setup_11.9.2.1_Vista_7_8_64Bit.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CINERGY_T_Stick_DUAL_RC_Rev.2_Driver_Setup_11.9.2.1_XP_Vista_7_8_32Bit(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CINERGY_T_Stick_DUAL_RC_Rev.2_Driver_Setup_11.9.2.1_XP_Vista_7_8_32Bit.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ClassicShellSetup_4_0_2.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ComboFix(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\cpu-z_1.64-setup-en.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\devio.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\DVBViewer_TERRATEC_Edition_8.0.33(5).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\DVBViewer_TERRATEC_Edition_8.0.33(6).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\eppx-win-4_1_6-de.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ffdshow_rev4515_20130612_clsid_x64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FFmpeg_v0.6.2_for_Audacity_on_Windows.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\firefox-29.0a1.en-US.win32.installer.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Flirc.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FreeHTML5VideoPlayerAndConverter.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FreeVideoDub.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FRST.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\FSViewerSetup49.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\gmer_2.1.19163.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\GPSBabel-1.4.4-Setup.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\gs909w32.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\gs910w64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\HWVendorDetection.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\imdiskinst(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\JRT(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\KeePass-2.22-Setup.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\KeePass-2.24-Setup.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Lame_v3.99.3_for_Windows.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\makehuman-1.0a7-win32.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\mbam-setup-1.75.0.1300(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\mbar-1.07.0.1008.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\mypr-win-3_1_0-ea11_2.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\pb-setup-x64-5.5.0001.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\pc-cleaner.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\PDFCreator-1_7_0_setup.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\PDFCreator-1_7_1_setup(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\PDFCreator-1_7_1_setup.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\PDF_Architect_Installer_1.1.83(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\PDF_Architect_Installer_1.1.83.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\PMHOME_3021DL.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ProgDVB5.16.2Std.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ProgDVB6.61.1x64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ProgDVB6.93.1x64(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\ProgDVB6.93.1x64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Repair-tool.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\SRD20_Installer0810a.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\TERRATEC_Cinergy_T_Stick_RC_Drv_Setup_64.1.1129.2011_Vista_7_8_64Bit(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\TERRATEC_Cinergy_T_Stick_RC_Drv_Setup_64.1.1129.2011_XP_Vista_7_8_32Bit(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\TERRATEC_Home_Cinema_Codec_Patch.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\VirtualBox-4.2.16-86992-Win.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\VirtualBox-4.2.18-88781-Win.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\VirtualBox-4.3.0-89960-Win.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\vlc-2.0.7-win32(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\vlc-2.0.7-win32.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\vlc-2.0.7-win64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\windirstatportable_1.1.2.80.paf.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Wireshark-win64-1.8.6.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\wlsetup-web(1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\wlsetup-web(2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\wlsetup-web.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\XnConvert-win-x64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\XnShellEx64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\XnViewMP-win-x64.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\YUMI-1.9.9.6B.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.503.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Zemana_AntiLogger_1.9.3.506.exe:BDU
AlternateDataStreams: C:\Users\admin\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== Faulty Device Manager Devices =============

Name: HID-Tastatur
Description: HID-Tastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: kbdhid
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HID-Tastatur
Description: HID-Tastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: kbdhid
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2013 11:12:07 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/14/2013 11:11:33 PM) (Source: ETDService) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2013 09:46:37 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/14/2013 09:46:06 PM) (Source: ETDService) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2013 09:44:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: procexp64.exe, Version: 15.40.0.0, Zeitstempel: 0x51f7e32c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ebd59
ID des fehlerhaften Prozesses: 0x1470
Startzeit der fehlerhaften Anwendung: 0xprocexp64.exe0
Pfad der fehlerhaften Anwendung: procexp64.exe1
Pfad des fehlerhaften Moduls: procexp64.exe2
Berichtskennung: procexp64.exe3
Vollständiger Name des fehlerhaften Pakets: procexp64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: procexp64.exe5

Error: (12/14/2013 01:13:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Name des fehlerhaften Moduls: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0006a2ce
ID des fehlerhaften Prozesses: 0xf90
Startzeit der fehlerhaften Anwendung: 0xRegCurePro.exe0
Pfad der fehlerhaften Anwendung: RegCurePro.exe1
Pfad des fehlerhaften Moduls: RegCurePro.exe2
Berichtskennung: RegCurePro.exe3
Vollständiger Name des fehlerhaften Pakets: RegCurePro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RegCurePro.exe5

Error: (12/14/2013 01:13:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Name des fehlerhaften Moduls: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006a2ce
ID des fehlerhaften Prozesses: 0xf90
Startzeit der fehlerhaften Anwendung: 0xRegCurePro.exe0
Pfad der fehlerhaften Anwendung: RegCurePro.exe1
Pfad des fehlerhaften Moduls: RegCurePro.exe2
Berichtskennung: RegCurePro.exe3
Vollständiger Name des fehlerhaften Pakets: RegCurePro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RegCurePro.exe5

Error: (12/14/2013 01:12:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Name des fehlerhaften Moduls: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0006a2ce
ID des fehlerhaften Prozesses: 0x9d8
Startzeit der fehlerhaften Anwendung: 0xRegCurePro.exe0
Pfad der fehlerhaften Anwendung: RegCurePro.exe1
Pfad des fehlerhaften Moduls: RegCurePro.exe2
Berichtskennung: RegCurePro.exe3
Vollständiger Name des fehlerhaften Pakets: RegCurePro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RegCurePro.exe5

Error: (12/14/2013 01:12:16 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Name des fehlerhaften Moduls: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006a2ce
ID des fehlerhaften Prozesses: 0x9d8
Startzeit der fehlerhaften Anwendung: 0xRegCurePro.exe0
Pfad der fehlerhaften Anwendung: RegCurePro.exe1
Pfad des fehlerhaften Moduls: RegCurePro.exe2
Berichtskennung: RegCurePro.exe3
Vollständiger Name des fehlerhaften Pakets: RegCurePro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RegCurePro.exe5

Error: (12/14/2013 01:11:07 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Name des fehlerhaften Moduls: RegCurePro.exe, Version: 3.1.2.0, Zeitstempel: 0x5085a27b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0006a2ce
ID des fehlerhaften Prozesses: 0xcdc
Startzeit der fehlerhaften Anwendung: 0xRegCurePro.exe0
Pfad der fehlerhaften Anwendung: RegCurePro.exe1
Pfad des fehlerhaften Moduls: RegCurePro.exe2
Berichtskennung: RegCurePro.exe3
Vollständiger Name des fehlerhaften Pakets: RegCurePro.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RegCurePro.exe5


System errors:
=============
Error: (12/14/2013 11:12:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (12/14/2013 11:12:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: 
%%2147500037

Error: (12/14/2013 11:12:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/14/2013 11:12:03 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (12/14/2013 09:46:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (12/14/2013 09:46:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: 
%%2147500037

Error: (12/14/2013 09:46:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/14/2013 09:46:36 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (12/14/2013 09:44:53 PM) (Source: DCOM) (User: Derda)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/14/2013 09:44:53 PM) (Source: DCOM) (User: Derda)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


Microsoft Office Sessions:
=========================
Error: (12/14/2013 11:12:07 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/14/2013 11:11:33 PM) (Source: ETDService)(User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2013 09:46:37 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/14/2013 09:46:06 PM) (Source: ETDService)(User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2013 09:44:32 PM) (Source: Application Error)(User: )
Description: procexp64.exe15.40.0.051f7e32cntdll.dll6.2.9200.1657951637f77c000037400000000000ebd59147001cef90c07b569e2C:\Users\admin\AppData\Local\Temp\procexp64.exeC:\Windows\SYSTEM32\ntdll.dll88ab0dc8-6500-11e3-bf07-083e8e4a7c86

Error: (12/14/2013 01:13:26 AM) (Source: Application Error)(User: )
Description: RegCurePro.exe3.1.2.05085a27bRegCurePro.exe3.1.2.05085a27bc000041d0006a2cef9001cef8614e1e4be7C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exeC:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe8ceb584c-6454-11e3-bf07-083e8e4a7c86

Error: (12/14/2013 01:13:25 AM) (Source: Application Error)(User: )
Description: RegCurePro.exe3.1.2.05085a27bRegCurePro.exe3.1.2.05085a27bc00000050006a2cef9001cef8614e1e4be7C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exeC:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe8c447164-6454-11e3-bf07-083e8e4a7c86

Error: (12/14/2013 01:12:17 AM) (Source: Application Error)(User: )
Description: RegCurePro.exe3.1.2.05085a27bRegCurePro.exe3.1.2.05085a27bc000041d0006a2ce9d801cef86124cd5aa8C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exeC:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe63afdc7f-6454-11e3-bf07-083e8e4a7c86

Error: (12/14/2013 01:12:16 AM) (Source: Application Error)(User: )
Description: RegCurePro.exe3.1.2.05085a27bRegCurePro.exe3.1.2.05085a27bc00000050006a2ce9d801cef86124cd5aa8C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exeC:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe62fd09ae-6454-11e3-bf07-083e8e4a7c86

Error: (12/14/2013 01:11:07 AM) (Source: Application Error)(User: )
Description: RegCurePro.exe3.1.2.05085a27bRegCurePro.exe3.1.2.05085a27bc000041d0006a2cecdc01cef860fabf74f2C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exeC:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe39fc9164-6454-11e3-bf07-083e8e4a7c86


CodeIntegrity Errors:
===================================
  Date: 2013-12-12 23:40:28.527
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-14 23:12:03.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 23:01:03.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 21:49:11.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 20:26:10.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 18:12:13.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 09:13:39.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-14 00:16:46.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-13 23:56:49.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-13 22:45:25.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_194\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 16199.27 MB
Available physical RAM: 13959.8 MB
Total Pagefile: 59207.27 MB
Available Pagefile: 56809.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.85 GB) (Free:297.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: EAB94E01)

Partition: GPT Partition Type
==================== End Of Log ============================
         

15.12.2013, 08:23   #8
schrauber
/// the machine
/// TB trainer
 




How is the performance now?

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.

  • When the process has finished, click Step 3 and press Do It under System File Check.

  • After that process has finished, click Start Repairs, select Advanced Mode and press Start.

  • Please make sure the boxes are ticked as shown below. Please additionally tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

15.12.2013, 20:42   #9
7hine
 



Quote:
Quote from schrauber
How is the performance now?

It's OK.
However, just now after switching on (hibernate), another EICAR detection came up.
Also, the hard disk no longer rattles quite as badly, as if it were being copied over once.

Something I'm just noticing as a possible problem:
There is an empty, unpopulated virtual CD drive D:, even though I had run defagger (sp?).
I had always used ImDisk, but when unmounting it says "Not an ImDisk Virtual Disk: `D:`".
That had happened several times before, but I have actually always used higher drive letters.
A USB DVD drive ends up on E:



Quote:
Please download Windows Repair (All In One) from here.

I get a 2.0.1 there in a tweaking.com_windows_repair_aio.zip. There is no installation, just unpacking.
It then wants to upgrade itself to 2.1.
Should I use the new version?

--------
Did a repair run with 2.1;
no improvement.
Repeated it.
No improvement.
I noticed that at 882 the permissions could not be changed.

And now? :-)

Edited by 7hine (15.12.2013 at 15:08). Reason: DVD problem

16.12.2013, 11:55   #10
schrauber
/// the machine
/// TB trainer
 




I would now run a clean in-place upgrade over it.

16.12.2013, 21:37   #11
7hine
 



Quote:
Quote from schrauber
I would now run a clean in-place upgrade over it.

Thanks.
The upgrade to 8.1 had already failed before I noticed the trojan....
I assumed it was because this was an Acer (or the trojan was already on it).
Which guide is recommended?
(Otherwise I would still have the Acer repair USB stick, which I would rather not plug into this computer, though, for lack of write protection.)

17.12.2013, 10:47   #12
schrauber
/// the machine
/// TB trainer
 




Do you have a full Win8 DVD?

17.12.2013, 22:29   #13
7hine
 



Quote:
Quote from schrauber
Do you have a full Win8 DVD?

Hi schrauber

Unfortunately this is a small, cheap Acer notebook, and Acer ships NOTHING with it.
Not even the hint that you absolutely MUST buy a 16 GB drive
to survive a disk crash... or that you can make a backup copy of the restore partition and drivers...

However, I have now made progress: :-)

I had written that F8 (to get to safe mode) does not work...
In Windows 8, though, this is rather hidden (I found it here while "browsing"):

At the lock screen, do the three-finger salute (CTRL-ALT-DEL).
Then, on the right, "Restart" while holding down the Shift key...
(Great idea, especially when the keyboard no longer works under Windows
... (but very much does in the boot manager...))
Pressed the Shift key via the on-screen keyboard and "Restart":

On the Acer there is no black screen as in the guide, but a colorful screen with, among others, the options:
1. Continue normally
2. Update Windows ("Windows aktualisieren")


Selected "Update Windows", confirmed once more that I really want to update Windows... later also entered the admin password via the real
keyboard(!).
The "update" gets going (from the hidden partition...)
The "windows" folder becomes "windows.old" (whose creation time is about 8 hours in the future).
That is, all of "my" programs are "gone", the Acer stuff is cluttering the desktop again, but in the user directories everything still seems to be there. :-)
About 102 updates are missing and "sfc /scannow" is (still) not satisfied...

As soon as the updates are in (strangely they cannot be downloaded under Windows but only during the boot phase, presumably because the broken WLAN driver is in there again), I will re-enable the F8 key via dism as you described.

Many thanks for now! :-)
I think the box is clean again now :-)

Regards
7hine

18.12.2013, 11:05   #14
schrauber
/// the machine
/// TB trainer
 




ok
