Serial Trunc, PopUps, Werbebanner, lahmer Browser

Brainwash · 25.03.2014, 23:42

Hallo,

mir wurde dieses Forum empfohlen, da ich nicht mehr alleine zurecht komme.

Ich nutze Firefox, jedoch besteht das Problem auch bei anderen Browsern.
Je nach aufgerufener Homepage öffnen sich PopUps, jede Menge Werbebanner, welche ich zum Teil schließen kann und der Browser wird sehr lahm. Facebook ist komischerweise nicht davon betroffen.

Habe gerade ein mir unbekanntes kleines Programm entdeckt namens "Serial Trunc", welches anscheinend installiert wurde, seitdem ich die Probleme habe. Konnte es über Systemsteuerung deinstallieren. Problem besteht weiterhin.

Habe nur schlimme Sachen über Serial Trunc bei Google erfahren.

Über eine schnelle Antwort bedanke ich mich im voraus.

mfg brainwash

cosinus · 26.03.2014, 01:45

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Brainwash · 26.03.2014, 11:44

toll, dass sich jemand so schnell meldet

antivir hatte nichts auffälliges gefunden, daraufhin hab ich mir die test version von norton360 runtergeladen, welches was gefunden und beseitigt hat, aber wie komme ich jetzt an diesen bericht... testversion ist bereits abgelaufen

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Brainwash (administrator) on BRAINWASH-PC on 26-03-2014 11:20:11
Running from D:\Users\Brainwash\Desktop
Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) D:\Windows\system32\atiesrxx.exe
(AMD) D:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\sched.exe
() D:\Program Files\Re-markit\Re-markit_wd.exe
(Advanced Micro Devices, Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Symantec Corporation) D:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
() D:\Windows\system32\PnkBstrA.exe
() D:\Program Files\Re-markit\Re-markit155.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) D:\Program Files\Windows Sidebar\sidebar.exe
() D:\Program Files\Tor\tor.exe
(Symantec Corporation) D:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Nero AG) D:\Program Files\Nero\Update\NASvc.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) D:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) D:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1037492137-1555187610-2593971898-1001\...\Policies\Explorer: [NoDrives] 0x00000000
HKU\S-1-5-21-1037492137-1555187610-2593971898-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1037492137-1555187610-2593971898-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1037492137-1555187610-2593971898-1001\...\MountPoints2: {2fa5eafc-1efa-11df-bf85-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-1037492137-1555187610-2593971898-1001\...\MountPoints2: {e2feaaef-6414-11e2-804e-00241dc1498e} - F:\HTC_Sync_Manager_PC.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=0ed62b0a-1d4e-4583-a6f1-f885ae86183a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/07/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390936340&from=exp&uid=wdcxwd5000aaks-00v1a0_wd-wmawf122059720597
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?affID=119777&tt=gc_&babsrc=HP_ss_Btisdt7&mntrId=E45700241DC1498E
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=0ed62b0a-1d4e-4583-a6f1-f885ae86183a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/07/2013&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - D:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=0ed62b0a-1d4e-4583-a6f1-f885ae86183a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/07/2013&type=hp1000
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
SearchScopes: HKCU - URL hxxp://www.searchgol.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss_Btisdt7&mntrId=E45700241DC1498E
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=0ed62b0a-1d4e-4583-a6f1-f885ae86183a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=30/07/2013&type=hp1000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ssbtis1&mntrId=E45700241DC1498E
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=21&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - D:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - D:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - D:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SerialTrunc - {e76b4f24-4a2f-4e65-ad36-e2aa934e547c} - D:\Program Files\SerialTrunc\SerialTruncBHO.dll No File
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - D:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - D:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - D:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default
FF user.js: detected! => D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @canon.com/EPPEX - D:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/esnlaunch,version=1.116.0 - D:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.1.2 - D:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
FF Plugin: @esn/npbattlelog,version=2.3.1 - D:\Program Files\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - D:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @Google.com/GoogleEarthPlugin - D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - D:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @Nero.com/KM - D:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 - D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - D:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\11-suche.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\babylon.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\delta.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\gmx-suche.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\lastminute.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\safesearch.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\Web Search.xml
FF SearchPlugin: D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\searchplugins\webde-suche.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: D:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - D:\Users\Brainwash\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-02-16]
FF Extension: Facemoods - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\ffxtlbr@Facemoods.com [2011-10-18]
FF Extension: GoPhotoIt - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\gophoto@gophoto.it [2013-05-11]
FF Extension: Quick Start - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\quick_start@gmail.com [2014-02-23]
FF Extension: Bitdefender QuickScan - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-06-28]
FF Extension: GoPhotoIt - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\gophoto@gophoto.it.xpi [2013-08-10]
FF Extension: ep - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-20]
FF Extension: M2k Downloader - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\m2k@m2kdownloader.com.xpi [2013-04-08]
FF Extension: GMX MailCheck - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\Extensions\toolbar@gmx.net.xpi [2013-11-15]
FF Extension: Skype Click to Call - D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16]
FF Extension: Java Console - D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-05]
FF HKLM\...\Firefox\Extensions: [lightningnewtab@gmail.com] - D:\Users\Brainwash\AppData\Roaming\Mozilla\Firefox\Profiles\ly6woe9g.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha1446.net] - D:\Program Files\MediaPlayerV1\MediaPlayerV1alpha1446\ff
FF Extension: Media Player - D:\Program Files\MediaPlayerV1\MediaPlayerV1alpha1446\ff [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-02-23]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha8483.net] - D:\Program Files\MediaViewerV1\MediaViewerV1alpha8483\ff
FF Extension: Media Viewer - D:\Program Files\MediaViewerV1\MediaViewerV1alpha8483\ff [2014-02-26]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha2335.net] - D:\Program Files\MediaViewV1\MediaViewV1alpha2335\ff
FF Extension: Media View - D:\Program Files\MediaViewV1\MediaViewV1alpha2335\ff [2014-02-27]
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha4888.net] - D:\Program Files\MediaViewV1\MediaViewV1alpha4888\ff
FF Extension: Media View - D:\Program Files\MediaViewV1\MediaViewV1alpha4888\ff [2014-03-16]
FF HKCU\...\Firefox\Extensions: [{13b2a6cd-c8be-4191-a05b-b843a6b780cb}] - D:\Program Files\Re-markit\155.xpi
FF Extension: Re-markit - D:\Program Files\Re-markit\155.xpi [2014-02-19]

Chrome: 
=======
CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597
CHR DefaultSearchKeyword: awesomehp
CHR DefaultSearchProvider: awesomehp
CHR DefaultSearchURL: hxxp://www.awesomehp.com/web/?type=ds&ts=1390936340&from=exp&uid=WDCXWD5000AAKS-00V1A0_WD-WMAWF122059720597&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Extended Protection) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-28]
CHR Extension: (Re-markit) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2014-02-09]
CHR Extension: (Media View) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaemkfimgegcbjejkeflfgbedacfgbbh [2014-03-16]
CHR Extension: (Delta Toolbar) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-05-10]
CHR Extension: (Media Viewer) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgidcepjcglimhnijpdjkdeddmeahonh [2014-02-26]
CHR Extension: (Foxtab Speed Dial) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2011-11-20]
CHR Extension: (Media View) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikamdpnaicmmgdmfaljgilonngbojik [2014-02-27]
CHR Extension: (M2k Downloader) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn [2013-05-10]
CHR Extension: (Skype Click to Call) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-10]
CHR Extension: (Google Wallet) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-11-20]
CHR Extension: (Widget context) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-02-16]
CHR Extension: (GoPhoto.it) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-05-10]
CHR Extension: (Lightning speedDial) - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-02-09]
CHR HKLM\...\Chrome\Extension: [eaemkfimgegcbjejkeflfgbedacfgbbh] - D:\Program Files\MediaViewV1\MediaViewV1alpha4888\ch\MediaViewV1alpha4888.crx [2014-02-27]
CHR HKLM\...\Chrome\Extension: [hgidcepjcglimhnijpdjkdeddmeahonh] - D:\Program Files\MediaViewerV1\MediaViewerV1alpha8483\ch\MediaViewerV1alpha8483.crx [2014-02-24]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - D:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx [2011-09-05]
CHR HKLM\...\Chrome\Extension: [iikamdpnaicmmgdmfaljgilonngbojik] - D:\Program Files\MediaViewV1\MediaViewV1alpha2335\ch\MediaViewV1alpha2335.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lbbbdmbjkgojacipgefbifkiebpcdjhn] - D:\Program Files\Movie2KDownloader.com\m2kDownloader10.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - D:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - D:\Program Files\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-02-23]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - D:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - D:\Program Files\Gophoto.it\gophotoit14.crx [2012-07-31]
CHR HKLM\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - D:\Users\Brainwash\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-09-21] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; D:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 ES lite Service; D:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-02-05] ()
S4 Futuremark SystemInfo Service; D:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
R2 IJPLMSVC; D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 N360; D:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 NAUpdate; D:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
R2 PnkBstrA; D:\Windows\system32\PnkBstrA.exe [76888 2013-10-30] ()
R2 Re-markit; D:\Program Files\Re-markit\Re-markit155.exe [182272 2014-02-19] ()
R2 tor; D:\Program Files\Tor\tor.exe [3233806 2013-09-06] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.01; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [29184 2013-06-19] (Advanced Micro Devices)
S2 AODDriver4.2.0; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [29184 2013-06-19] (Advanced Micro Devices)
R2 atksgt; D:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-07-30] ()
R2 avgntflt; D:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; D:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; D:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
U4 avnetflt; D:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 BHDrvx86; D:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2014-02-14] (Symantec Corporation)
R1 ccSet_N360; D:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-07-30] (DT Soft Ltd)
R1 eeCtrl; D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-03-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-02-26] (Symantec Corporation)
S3 gdrv; D:\Windows\gdrv.sys [16608 2011-10-18] (Windows (R) 2000 DDK provider)
R1 IDSVix86; D:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvix86.sys [395992 2014-03-06] (Symantec Corporation)
R0 JRAID; D:\Windows\System32\DRIVERS\jraid.sys [83296 2008-11-04] (JMicron Technology Corp.)
R2 lirsgt; D:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-07-30] ()
R3 NAVENG; D:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\NAVENG.SYS [93272 2014-03-05] (Symantec Corporation)
R3 NAVEX15; D:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\NAVEX15.SYS [1612376 2014-03-05] (Symantec Corporation)
S3 RTHDMIAzAudService; D:\Windows\System32\drivers\RtHDMIV.sys [155808 2008-12-25] (Realtek Semiconductor Corp.)
S3 RTL8192cu; D:\Windows\System32\DRIVERS\RTL8192cu.sys [648808 2011-10-31] (Realtek Semiconductor Corporation                           )
R3 SRTSP; D:\Windows\system32\drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; D:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R1 ssmdrv; D:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
R0 SymDS; D:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; D:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; D:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-02-23] (Symantec Corporation)
R1 SymIRON; D:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; D:\Windows\system32\drivers\N360\1501000.012\SYMNETS.SYS [446552 2013-09-26] (Symantec Corporation)
S3 cpuz135; \??\D:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 11:20 - 2014-03-26 11:21 - 00027926 _____ () D:\Users\Brainwash\Desktop\FRST.txt
2014-03-26 11:19 - 2014-03-26 11:20 - 00000000 ____D () D:\FRST
2014-03-26 11:18 - 2014-03-26 11:18 - 01145856 _____ (Farbar) D:\Users\Brainwash\Desktop\FRST.exe
2014-03-13 19:03 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2014-03-13 19:03 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2014-03-13 19:03 - 2014-03-01 05:10 - 00004096 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollectorres.dll
2014-03-13 19:03 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2014-03-13 19:03 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) D:\Windows\system32\ieetwproxystub.dll
2014-03-13 19:03 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2014-03-13 19:03 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2014-03-13 19:03 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2014-03-13 19:03 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2014-03-13 19:03 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) D:\Windows\system32\ieUnatt.exe
2014-03-13 19:03 - 2014-03-01 04:38 - 00108032 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollector.exe
2014-03-13 19:03 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) D:\Windows\system32\jscript9diag.dll
2014-03-13 19:03 - 2014-03-01 04:31 - 00646144 _____ (Microsoft Corporation) D:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 19:03 - 2014-03-01 04:25 - 00208896 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2014-03-13 19:03 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) D:\Windows\system32\msrating.dll
2014-03-13 19:03 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2014-03-13 19:03 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2014-03-13 19:03 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) D:\Windows\system32\inetcpl.cpl
2014-03-13 19:03 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2014-03-13 19:03 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2014-03-13 19:03 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2014-03-13 19:03 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
2014-03-13 19:03 - 2014-02-07 02:07 - 02349056 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2014-03-13 19:03 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) D:\Windows\system32\qedit.dll
2014-03-13 19:03 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) D:\Windows\system32\wer.dll
2014-03-09 13:19 - 2014-03-09 13:19 - 00000000 ____D () D:\ProgramData\SMR410
2014-03-09 13:17 - 2014-03-09 13:35 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\NPE
2014-03-05 22:31 - 2014-03-05 22:31 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Skype
2014-03-05 22:30 - 2014-03-05 22:30 - 00002717 _____ () D:\Users\Public\Desktop\Skype.lnk
2014-03-05 22:30 - 2014-03-05 22:30 - 00000000 ____D () D:\Program Files\Common Files\Skype
2014-03-02 20:43 - 2014-03-24 01:27 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Battle.net
2014-03-02 20:43 - 2014-03-24 01:26 - 00000000 ____D () D:\Program Files\Battle.net
2014-03-02 20:43 - 2014-03-05 18:53 - 00000000 ____D () D:\Users\Brainwash\AppData\Roaming\Battle.net
2014-03-02 20:43 - 2014-03-02 20:43 - 00001118 _____ () D:\Users\Public\Desktop\Battle.net.lnk
2014-03-02 20:21 - 2014-03-02 20:21 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Blizzard Entertainment
2014-02-28 22:35 - 2014-02-28 22:35 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\CrashDumps
2014-02-27 17:51 - 2014-02-27 17:51 - 00000000 ____D () D:\Users\Brainwash\Documents\Criterion Games
2014-02-27 17:05 - 2014-03-16 19:06 - 00000000 ____D () D:\Program Files\MediaViewV1
2014-02-26 20:21 - 2014-02-26 20:24 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Runic Games
2014-02-26 20:18 - 2014-02-26 20:18 - 00000000 ____D () D:\Users\Public\Games
2014-02-26 18:00 - 2014-02-26 18:00 - 00000000 ____D () D:\Program Files\MediaViewerV1

==================== One Month Modified Files and Folders =======

2014-03-26 11:21 - 2014-03-26 11:20 - 00027926 _____ () D:\Users\Brainwash\Desktop\FRST.txt
2014-03-26 11:20 - 2014-03-26 11:19 - 00000000 ____D () D:\FRST
2014-03-26 11:18 - 2014-03-26 11:18 - 01145856 _____ (Farbar) D:\Users\Brainwash\Desktop\FRST.exe
2014-03-26 11:10 - 2013-10-20 20:54 - 00035766 _____ () D:\Windows\setupact.log
2014-03-26 11:08 - 2013-09-18 10:07 - 00000884 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 10:14 - 2014-02-19 10:13 - 00000354 _____ () D:\Windows\Tasks\Re-markit_wd.job
2014-03-26 10:03 - 2014-02-19 10:13 - 00000368 _____ () D:\Windows\Tasks\Re-markit Update.job
2014-03-26 03:00 - 2013-03-15 15:50 - 01425371 _____ () D:\Windows\WindowsUpdate.log
2014-03-25 22:33 - 2009-07-14 05:34 - 00014016 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 22:33 - 2009-07-14 05:34 - 00014016 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 22:28 - 2009-07-14 05:53 - 00032640 _____ () D:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 22:28 - 2009-07-14 05:53 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-03-24 01:27 - 2014-03-02 20:43 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Battle.net
2014-03-24 01:26 - 2014-03-02 20:43 - 00000000 ____D () D:\Program Files\Battle.net
2014-03-21 14:29 - 2011-12-26 14:04 - 00000000 ____D () D:\Users\Brainwash\AppData\Roaming\Skype
2014-03-20 22:31 - 2013-10-24 20:24 - 00388940 _____ () D:\Windows\PFRO.log
2014-03-19 13:39 - 2014-02-23 17:09 - 00000000 ____D () D:\Windows\system32\Drivers\N360
2014-03-18 12:32 - 2013-08-14 23:42 - 00000000 ____D () D:\Windows\system32\MRT
2014-03-18 12:26 - 2009-10-14 03:21 - 87350280 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2014-03-18 12:18 - 2014-02-16 15:02 - 00000000 ____D () D:\Program Files\Mozilla Firefox
2014-03-16 19:54 - 2011-12-05 17:32 - 00000000 ____D () D:\Program Files\Battlelog Web Plugins
2014-03-16 19:17 - 2014-01-28 20:12 - 00000000 ____D () D:\Program Files\SupTab
2014-03-16 19:15 - 2014-01-28 20:12 - 00000000 ____D () D:\ProgramData\WPM
2014-03-16 19:12 - 2014-01-28 20:16 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Mobogenie
2014-03-16 19:12 - 2014-01-28 20:15 - 00000000 ____D () D:\Program Files\Mobogenie
2014-03-16 19:07 - 2014-02-14 03:01 - 00001274 __RSH () D:\ProgramData\ntuser.pol
2014-03-16 19:06 - 2014-02-27 17:05 - 00000000 ____D () D:\Program Files\MediaViewV1
2014-03-13 19:43 - 2012-05-15 18:32 - 00000000 ____D () D:\Program Files\Diablo III
2014-03-13 19:22 - 2012-04-19 10:06 - 00692616 _____ (Adobe Systems Incorporated) D:\Windows\system32\FlashPlayerApp.exe
2014-03-13 19:22 - 2011-09-15 11:43 - 00071048 _____ (Adobe Systems Incorporated) D:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 19:21 - 2014-01-28 20:16 - 00000000 ____D () D:\Users\Brainwash\AppData\Roaming\newnext.me
2014-03-13 19:20 - 2013-10-24 20:24 - 03667568 _____ () D:\Windows\system32\FNTCACHE.DAT
2014-03-09 18:36 - 2014-02-23 20:20 - 00000000 ____D () D:\Users\Brainwash\Desktop\40 Jahre
2014-03-09 13:35 - 2014-03-09 13:17 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\NPE
2014-03-09 13:19 - 2014-03-09 13:19 - 00000000 ____D () D:\ProgramData\SMR410
2014-03-09 13:19 - 2011-11-20 16:02 - 00000000 ____D () D:\ProgramData\Norton
2014-03-07 21:47 - 2013-03-12 16:35 - 00000000 ____D () D:\ProgramData\CanonIJPLM
2014-03-07 17:06 - 2010-02-21 16:14 - 01620684 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-03-05 22:31 - 2014-03-05 22:31 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Skype
2014-03-05 22:30 - 2014-03-05 22:30 - 00002717 _____ () D:\Users\Public\Desktop\Skype.lnk
2014-03-05 22:30 - 2014-03-05 22:30 - 00000000 ____D () D:\Program Files\Common Files\Skype
2014-03-05 22:30 - 2011-12-26 14:04 - 00000000 ___RD () D:\Program Files\Skype
2014-03-05 22:30 - 2011-12-26 14:04 - 00000000 ____D () D:\ProgramData\Skype
2014-03-05 18:53 - 2014-03-02 20:43 - 00000000 ____D () D:\Users\Brainwash\AppData\Roaming\Battle.net
2014-03-02 20:43 - 2014-03-02 20:43 - 00001118 _____ () D:\Users\Public\Desktop\Battle.net.lnk
2014-03-02 20:43 - 2012-05-15 18:32 - 00000000 ____D () D:\Program Files\Common Files\Blizzard Entertainment
2014-03-02 20:21 - 2014-03-02 20:21 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Blizzard Entertainment
2014-03-01 05:30 - 2014-03-13 19:03 - 17074688 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2014-03-01 05:11 - 2014-03-13 19:03 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2014-03-01 05:10 - 2014-03-13 19:03 - 00004096 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:52 - 2014-03-13 19:03 - 00061952 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 19:03 - 00051200 _____ (Microsoft Corporation) D:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 19:03 - 02168320 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2014-03-01 04:43 - 2014-03-13 19:03 - 00043008 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 19:03 - 00032768 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2014-03-01 04:40 - 2014-03-13 19:03 - 00440832 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2014-03-01 04:38 - 2014-03-13 19:03 - 00112128 _____ (Microsoft Corporation) D:\Windows\system32\ieUnatt.exe
2014-03-01 04:38 - 2014-03-13 19:03 - 00108032 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollector.exe
2014-03-01 04:37 - 2014-03-13 19:03 - 00553472 _____ (Microsoft Corporation) D:\Windows\system32\jscript9diag.dll
2014-03-01 04:31 - 2014-03-13 19:03 - 00646144 _____ (Microsoft Corporation) D:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:25 - 2014-03-13 19:03 - 00208896 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2014-03-01 04:16 - 2014-03-13 19:03 - 00164864 _____ (Microsoft Corporation) D:\Windows\system32\msrating.dll
2014-03-01 04:14 - 2014-03-13 19:03 - 04244480 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2014-03-01 04:03 - 2014-03-13 19:03 - 00524288 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 19:03 - 01964032 _____ (Microsoft Corporation) D:\Windows\system32\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 19:03 - 11266048 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2014-03-01 03:32 - 2014-03-13 19:03 - 01820160 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2014-03-01 03:27 - 2014-03-13 19:03 - 01156096 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2014-03-01 03:25 - 2014-03-13 19:03 - 00703488 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
2014-02-28 22:35 - 2014-02-28 22:35 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\CrashDumps
2014-02-28 18:23 - 2011-09-15 14:16 - 00000000 ____D () D:\Users\Brainwash\Desktop\Games
2014-02-27 17:51 - 2014-02-27 17:51 - 00000000 ____D () D:\Users\Brainwash\Documents\Criterion Games
2014-02-27 17:14 - 2011-09-15 13:53 - 00000000 ____D () D:\Program Files\Games
2014-02-27 17:12 - 2011-12-05 15:50 - 00000000 ____D () D:\ProgramData\Origin
2014-02-27 11:34 - 2014-02-05 00:40 - 00000000 ____D () D:\Users\Brainwash\Desktop\QS Test
2014-02-26 20:27 - 2010-02-21 18:56 - 00000000 ____D () D:\Users\Brainwash\Documents\My Games
2014-02-26 20:27 - 2010-02-21 16:18 - 00000000 ____D () D:\Users\Brainwash
2014-02-26 20:24 - 2014-02-26 20:21 - 00000000 ____D () D:\Users\Brainwash\AppData\Local\Runic Games
2014-02-26 20:18 - 2014-02-26 20:18 - 00000000 ____D () D:\Users\Public\Games
2014-02-26 20:18 - 2009-07-14 03:37 - 00000000 ___RD () D:\Users\Public
2014-02-26 18:00 - 2014-02-26 18:00 - 00000000 ____D () D:\Program Files\MediaViewerV1

ZeroAccess:
D:\$Recycle.Bin\S-1-5-18\$3f462aebacf836edb7ea03fd46b4c436

ZeroAccess:
D:\$Recycle.Bin\S-1-5-21-1037492137-1555187610-2593971898-1001\$3f462aebacf836edb7ea03fd46b4c436

Files to move or delete:
====================
D:\ProgramData\0tbpw.pad
D:\ProgramData\lsass.exe


Some content of TEMP:
====================
D:\Users\Brainwash\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

D:\Windows\explorer.exe => MD5 is legit
D:\Windows\system32\winlogon.exe => MD5 is legit
D:\Windows\system32\wininit.exe => MD5 is legit
D:\Windows\system32\svchost.exe => MD5 is legit
D:\Windows\system32\services.exe => MD5 is legit
D:\Windows\system32\User32.dll => MD5 is legit
D:\Windows\system32\userinit.exe => MD5 is legit
D:\Windows\system32\rpcss.dll => MD5 is legit
D:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-26 00:40

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Brainwash at 2014-03-26 11:21:13
Running from D:\Users\Brainwash\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.30921 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO Codecs (Version: 11.7.0.11016 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.0921.356.5161 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{7FA82E6A-F132-9752-FEE8-55F1A1D79A47}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0921.356.5161 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80921.0504 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.04.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BleachBit (HKLM\...\BleachBit) (Version:  - BleachBit)
Browser Configuration Utility (HKLM\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG3200 series Benutzerregistrierung (HKLM\...\Canon MG3200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0921.0355.5161 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0921.356.5161 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Darksiders II (HKLM\...\Steam App 50650) (Version:  - Vigil Games)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
DiRT 3 (Version: 1.0.0003.130 - Codemasters) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EasySaver B9.0205.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facemoods Toolbar (HKLM\...\facemoods) (Version:  - ) <==== ATTENTION
Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GRID 2 (HKLM\...\Steam App 44350) (Version:  - Codemasters Racing)
High-Definition Video Playback (Version: 11.1.10400.2.65 - Nero AG) Hidden
HydraVision (Version: 4.2.216.0 - Advanced Micro Devices, Inc.) Hidden
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Media Player (HKLM\...\MediaPlayerV1alpha1446) (Version: 1.1 - Media Player)
Media View (HKLM\...\MediaViewV1alpha2335) (Version: 1.1 - Media View)
Media View (HKLM\...\MediaViewV1alpha4888) (Version: 1.1 - Media View)
Media Viewer (HKLM\...\MediaViewerV1alpha8483) (Version: 1.1 - Media Viewer)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{66F0AC35-4805-44BC-A3D4-347D4196F9B3}) (Version: 1.10.123.0 - Microsoft)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NASA World Wind 1.4 (HKLM\...\NASA World Wind 1.4) (Version:  - )
Need for Speed™ Most Wanted (HKLM\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.0.0.0 - Electronic Arts)
Nero 11 (HKLM\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Image Samples (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (Version: 6.0.16000.13.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.10000.1.0 - Nero AG)
Nero Burning ROM 11 (Version: 11.0.12200.23.100 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (Version: 11.0.12300.0.23 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (Version: 11.0.15000.1.12 - Nero AG) Hidden
Nero CoverDesigner 11 (Version: 6.0.10800.11.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (Version: 11.0.11700.23.100 - Nero AG) Hidden
Nero Express 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media (Version: 1.10.19300.93.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 (Version: 5.0.13300.32.100 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero RescueAgent 11 (Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero SoundTrax 11 (Version: 5.0.10400.4.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
Nero Update (Version: 11.0.10623.22.0 - Nero AG) Hidden
Nero Video 11 (Version: 8.0.14000.21.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (Version: 6.0.10800.5.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (Version: 11.0.20008 - Nero AG) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rapture3D 2.4.8 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)
Re-markit (HKLM\...\d3d35679-b737-410b-b7b7-f11c6d1a8fe8) (Version:  - Re-markit Software) <==== ATTENTION
SHIFT 2 UNLEASHED™ (HKLM\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sweet Home 3D version 3.5 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.7 - TeamSpeak Systems GmbH)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.2020.20 - TuneUp Software) Hidden
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.0.0 (HKLM\...\VLC media player) (Version: 1.0.0 - VideoLAN Team)
welcome (Version: 11.0.21500.0.4 - Nero AG) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N D:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06D97EA4-8F96-4180-BE5B-AAB3AC5C6065} - System32\Tasks\Java Update Scheduler => D:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {29962410-69EC-4612-978D-A59656758FE4} - System32\Tasks\Norton WSC Integration => D:\Program Files\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {32F2FBA9-75B0-4896-82D9-FED9D11F1044} - System32\Tasks\Re-markit Update => D:\Program Files\Re-markit\ReMarkit_up.exe [2014-02-19] () <==== ATTENTION
Task: {4F2C5637-990A-4B0B-9A94-372AE980F8DC} - System32\Tasks\Norton 360\Norton Error Analyzer => D:\Program Files\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {63101CB3-99A8-4CFC-BE16-7710A310FDE7} - System32\Tasks\Norton 360\Norton Error Processor => D:\Program Files\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {71DF87C5-8A7C-482D-B0C8-70D1792695DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => D:\Windows\system32\FlashPlayerUpdateService.exe
Task: {7963AC4A-6B1A-43F4-8325-685D6D690A3E} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79BF25F6-8338-49B0-8C89-B65C5B6772CA} - System32\Tasks\AdobeAAMUpdater-1.0-Brainwash-PC-Brainwash => D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {8038DB71-7340-4E3A-8E20-12C361485C84} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-15] (Google Inc.)
Task: {8B255BDE-5B72-4AEA-8BDA-3C3BAC153257} - System32\Tasks\Re-markit_wd => D:\Program Files\Re-markit\Re-markit_wd.exe [2014-02-19] () <==== ATTENTION
Task: {A1E20D94-06E0-4658-9DA3-9204CEA53CD1} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-15] (Google Inc.)
Task: {B4996922-53FC-4E03-ABF9-9D8FB7FA49FC} - System32\Tasks\AdobeFlashPlayerUpdate => D:\Windows\system32\FlashPlayerUpdateService.exe
Task: {C3BD2A6F-7B80-4A9F-BD88-8DC4352014BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {F38A3029-ABB8-44E3-A15C-46C6135E8D50} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {F94966AA-D648-4B9B-BEEE-8CD4FA871598} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {FC7BCF90-77CE-4547-958E-638A417F0DA7} - System32\Tasks\GoforFilesUpdate => D:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\Re-markit Update.job => D:\Program Files\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: D:\Windows\Tasks\Re-markit_wd.job => D:\Program Files\Re-markit\Re-markit_wd.exe <==== ATTENTION
Task: D:\Windows\Tasks\Wise Care 365.job => D:\Program Files\Wise\Wise Care 365\WiseTray.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 16:32 - 2013-12-09 11:37 - 00394808 _____ () D:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-19 10:13 - 2014-02-19 10:13 - 00093184 _____ () D:\Program Files\Re-markit\Re-markit_wd.exe
2013-03-12 16:46 - 2012-03-28 13:49 - 00140456 _____ () D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2011-12-04 15:24 - 2013-10-30 19:19 - 00076888 _____ () D:\Windows\system32\PnkBstrA.exe
2014-02-19 10:13 - 2014-02-19 10:13 - 00182272 _____ () D:\Program Files\Re-markit\Re-markit155.exe
2013-09-06 11:37 - 2013-09-06 11:37 - 03233806 _____ () D:\Program Files\Tor\tor.exe
2014-02-16 15:02 - 2014-02-16 15:02 - 03578992 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-13 19:22 - 2014-03-13 19:22 - 16276872 _____ () D:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: D:\ProgramData:gs5sys
AlternateDataStreams: D:\Users\All Users:gs5sys
AlternateDataStreams: D:\Users\Brainwash:gs5sys
AlternateDataStreams: D:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: D:\ProgramData\TEMP:B606BA34
AlternateDataStreams: D:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: D:\ProgramData\TEMP:FB1B13D8
AlternateDataStreams: D:\Users\Brainwash\Anwendungsdaten:gs5sys
AlternateDataStreams: D:\Users\Brainwash\Cookies:gs5sys
AlternateDataStreams: D:\Users\Brainwash\Lokale Einstellungen:gs5sys
AlternateDataStreams: D:\Users\Brainwash\Vorlagen:gs5sys
AlternateDataStreams: D:\Users\Brainwash\Desktop\desktop.ini:gs5sys
AlternateDataStreams: D:\Users\Brainwash\AppData\Local:gs5sys
AlternateDataStreams: D:\Users\Brainwash\AppData\Roaming:gs5sys
AlternateDataStreams: D:\Users\Brainwash\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: D:\Users\Brainwash\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: D:\Users\Brainwash\Documents\desktop.ini:gs5sys
AlternateDataStreams: D:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: D:^Users^Brainwash^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => D:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2014 10:32:26 PM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (03/25/2014 10:28:29 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (03/24/2014 01:43:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x53022b02
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0
Pfad der fehlerhaften Anwendung: Re-markit155.exe1
Pfad des fehlerhaften Moduls: Re-markit155.exe2
Berichtskennung: Re-markit155.exe3

Error: (03/21/2014 11:51:37 AM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (03/21/2014 11:47:06 AM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (03/21/2014 03:18:06 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x53022b02
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x914
Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0
Pfad der fehlerhaften Anwendung: Re-markit155.exe1
Pfad des fehlerhaften Moduls: Re-markit155.exe2
Berichtskennung: Re-markit155.exe3

Error: (03/21/2014 03:16:43 AM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (03/20/2014 10:31:36 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (03/20/2014 00:42:42 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x53022b02
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x8e8
Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0
Pfad der fehlerhaften Anwendung: Re-markit155.exe1
Pfad des fehlerhaften Moduls: Re-markit155.exe2
Berichtskennung: Re-markit155.exe3

Error: (03/19/2014 00:33:40 AM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.


System errors:
=============
Error: (03/25/2014 11:28:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update SerialTrunc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/25/2014 11:28:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util SerialTrunc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/25/2014 10:29:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/25/2014 10:28:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/25/2014 10:28:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/24/2014 01:43:45 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Re-markit" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/23/2014 10:26:02 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/21/2014 11:47:58 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/21/2014 11:47:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/21/2014 11:46:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (03/25/2014 10:32:26 PM) (Source: SecurityCenter)(User: )
Description: 

Error: (03/25/2014 10:28:29 PM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (03/24/2014 01:43:41 AM) (Source: Application Error)(User: )
Description: Re-markit155.exe1.155.0.053022b02KERNELBASE.dll6.1.7601.1822951fb10c6e06d73630000812f89c01cf44f2e30947f7D:\Program Files\Re-markit\Re-markit155.exeD:\Windows\system32\KERNELBASE.dll57e6be34-b2ed-11e3-88c3-00241dc1498e

Error: (03/21/2014 11:51:37 AM) (Source: SecurityCenter)(User: )
Description: 

Error: (03/21/2014 11:47:06 AM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (03/21/2014 03:18:06 AM) (Source: Application Error)(User: )
Description: Re-markit155.exe1.155.0.053022b02KERNELBASE.dll6.1.7601.1822951fb10c6e06d73630000812f91401cf4483bf4c91c4D:\Program Files\Re-markit\Re-markit155.exeD:\Windows\system32\KERNELBASE.dll098f4b7a-b09f-11e3-bab7-00241dc1498e

Error: (03/21/2014 03:16:43 AM) (Source: SecurityCenter)(User: )
Description: 

Error: (03/20/2014 10:31:36 PM) (Source: WinMgmt)(User: )
Description: 0x8007007e

Error: (03/20/2014 00:42:42 AM) (Source: Application Error)(User: )
Description: Re-markit155.exe1.155.0.053022b02KERNELBASE.dll6.1.7601.1822951fb10c6e06d73630000812f8e801cf42efce24cb31D:\Program Files\Re-markit\Re-markit155.exeD:\Windows\system32\KERNELBASE.dll296b42da-afc0-11e3-9dc8-00241dc1498e

Error: (03/19/2014 00:33:40 AM) (Source: SecurityCenter)(User: )
Description: 


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3326.49 MB
Available physical RAM: 1771.63 MB
Total Pagefile: 6651.27 MB
Available Pagefile: 4762.48 MB
Total Virtual: 2499.88 MB
Available Virtual: 2327.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:6.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:32.35 GB) NTFS
Drive e: (NFS_MOSTWANTED) (CDROM) (Total:6.59 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: A59DA59D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 76936D7B)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 26.03.2014, 12:48

Zitat:

Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Microsoft Office Professional Edition 2003
Adobe Photoshop CS5.1

Was haste denn da für teure Software drauf, Ultimate und Professional Editionen, ist das ein gewebrlich genutztes System, wenn nicht wer nutzt sowas rein privat?

Zitat:

ZeroAccess:
D:\$Recycle.Bin\S-1-5-18\$3f462aebacf836edb7ea03fd46b4c436

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

Brainwash · 26.03.2014, 13:22

werde gleich meiner bank wegen online banking bescheid geben.

Ich will kein Risiko eingehen.

Vorschlag:
Ich besorge mir eine neue Festplatte, ziehe Bilder, Videos, word/excel/pp dateien... alles wichtige rüber und mache den PC platt und installiere Windows neu.

Kann ich die einzelnen Dateien kopieren ohne das Viren/Trojaner mit auf die neue HDD kommen?
Kann ich die alten HDDs weiter nutzen?

cosinus · 26.03.2014, 13:30

Lesestoff:
Sichern von Daten eines infizierten Systems

Mit einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen.

Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen.

Anleitung: Parted Magic

Brainwash · 30.03.2014, 13:37

werde jetzt Windows auf einer neuen festplatte installieren und dann die wichtigsten Dateien rüberziehen.

Vielen Dank für Deine Hilfe!

mfg Brainwash

Serial Trunc, PopUps, Werbebanner, lahmer Browser

Plagegeister aller Art und deren Bekämpfung: Serial Trunc, PopUps, Werbebanner, lahmer Browser