
Pests of all kinds and how to fight them: Virus attack before bachelor's defense!


31.08.2014, 12:57   #1
Ronyafee23
 

Virus attack before bachelor's defense!



Dear Trojaner-Board helpers,

I have my bachelor's defense tomorrow morning and am fighting a virus attack on my laptop. Maybe, with your help, I can manage to get it clean again today.

My Acer Aspire 7745G was actually reformatted only a few weeks ago due to a hard disk defect, within the warranty period. As my antivirus program I have been using Avast! Free Antivirus. Now I constantly get all sorts of error and warning messages that cannot be removed with a normal antivirus check. The log files will probably show you more details. I hope you can help me! Thanks!

Ronyafee23

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2014
Ran by Acer at 2014-08-31 13:01:17
Running from C:\Users\Acer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}) (Version: 1.3.17.05006 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006 - Alcor Micro Corp.) Hidden
AMD APP SDK Runtime (Version: 2.4.595.1 - Advanced Micro Devices Inc.) Hidden
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{0B674B1E-1905-4830-ABD1-F6892F1C4394}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Browsers Apps (HKLM-x32\...\Browsers Apps) (Version: 1.34.8.12 - app)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0613.2238.38801 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0613.2238.38801 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0613.2238.38801 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0613.2238.38801 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help English (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help French (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help German (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0613.2237.38801 - ATI) Hidden
ccc-utility64 (Version: 2011.0613.2238.38801 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
FreeSoftToday 014.139 (HKLM-x32\...\fst_de_139_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.00.1005 - Intel Corporation)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero CoverDesigner (HKLM-x32\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.10003 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.31.75 - Client Connect LTD) <==== ATTENTION
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.4.0 - Uniblue Systems Limited) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
ToggleMark (HKLM\...\ToggleMark) (Version: 2014.08.23.083657 - ToggleMark) <==== ATTENTION
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZDATA (HKLM-x32\...\{52B97371-A2FA-4888-ACEB-EAE515226950}) (Version: 4.0 - Verlag Dieter Zimpel)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-08-2014 08:12:44 Windows Update
16-08-2014 01:00:10 Windows Update
16-08-2014 18:23:12 Uniblue SpeedUpMyPC installation
19-08-2014 06:44:57 Windows Update
21-08-2014 06:54:12 Windows Update
26-08-2014 07:22:55 Windows Update
29-08-2014 06:19:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F7D6763-17C0-4AB2-943E-C67F50BE5F77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {31919A1A-ED27-4702-9B31-068ECFDB3F00} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3 => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.exe [2014-08-16] (app)
Task: {3684E39E-48A6-4124-82AC-2C17F0B72177} - System32\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.exe [2014-08-16] (app)
Task: {376698B9-7816-4FE0-BB0D-CC7AE7F9057E} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2 => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.exe [2014-08-16] (app)
Task: {4A972885-A7BA-413E-9380-8F7DFAC1332C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {4BB18B3F-3003-43ED-BA91-5B6EC5ADF911} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-16] (globalUpdate) <==== ATTENTION
Task: {5EFF4B62-4569-431E-B6C3-005F3CA3BBD5} - System32\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76 => C:\Program Files (x86)\Browsers Apps\f7a1f89a-506f-4193-938d-d7e90e4c7c76.exe [2014-08-16] ()
Task: {646DD72A-0E98-4262-9ABE-C65BD6F68BCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-05] (AVAST Software)
Task: {6B6F7BBA-395B-49AB-BFE1-2FB21C10D148} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-08-14] (MyPC Backup) <==== ATTENTION
Task: {73538F23-B093-4A9B-B837-7BF92E149F4C} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5 => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.exe [2014-08-16] (app)
Task: {86526EC2-F8BE-4C76-8F3C-2CF92BC66982} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-08-08] (Uniblue Systems Limited) <==== ATTENTION
Task: {8881A92A-3812-4588-BF51-62E90EC80B26} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-08-08] (Uniblue Systems Limited) <==== ATTENTION
Task: {9B3EC7D0-BDC5-4DC4-942A-0AB9F6E4740C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {A06C3920-56FA-45A6-9F45-7A01BD4534C0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-16] (globalUpdate) <==== ATTENTION
Task: {A7846A37-C978-4BA6-A40E-BCE3EE128B08} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5_user => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.exe [2014-08-16] (app)
Task: {B9731D8C-744D-4419-AC2A-3DD9D0DAEE1D} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11 => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.exe [2014-08-16] (app)
Task: {BA0BDBEA-5A03-451B-BFA3-F6010812A878} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {CFCE010A-6C5C-4AAC-8A61-FB9514B4EB59} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4 => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.exe [2014-08-16] (app)
Task: {E086AB0D-C464-47C8-BAB4-0BAD53D15441} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {EB51BE7D-5FC5-4FDF-96F6-DBD9ADF698A7} - System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1 => C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-16] (app)
Task: {F8846281-9550-44D4-A922-278610359A23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1.job => C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.exe
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.exe
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.exe
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.exe
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.exe
Task: C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5_user.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.exe
Task: C:\Windows\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c.job => C:\Program Files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76.job => C:\Program Files (x86)\Browsers Apps\f7a1f89a-506f-4193-938d-d7e90e4c7c76.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-28 18:17 - 2014-08-16 20:24 - 00098816 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-07-28 18:17 - 2014-08-16 20:24 - 00724480 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-08-23 10:44 - 2014-08-30 10:17 - 00323360 _____ () C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
2014-08-23 13:14 - 2014-08-30 10:16 - 00323360 _____ () C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe
2014-08-16 20:23 - 2014-08-14 11:23 - 03353592 _____ () C:\Users\Acer\AppData\Local\fst_de_139\upfst_de_139.exe
2014-08-30 10:17 - 2014-08-30 14:26 - 00162080 _____ () C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe
2014-08-16 20:23 - 2014-08-14 11:23 - 03980744 _____ () C:\Program Files (x86)\fst_de_139\fst_de_139.exe
2014-08-14 16:09 - 2014-08-14 16:09 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-08-14 16:05 - 2014-08-14 16:05 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-08-05 23:03 - 2014-08-05 23:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-31 12:19 - 2014-08-31 12:19 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14083100\algo.dll
2014-07-28 18:17 - 2014-08-16 20:24 - 00086016 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-01-23 17:18 - 2009-12-23 18:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-05 23:03 - 2014-08-05 23:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-31 12:28 - 2014-08-31 12:28 - 00043008 _____ () c:\users\acer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizqgob.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Acer\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 00:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d22abd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012124
ID des fehlerhaften Prozesses: 0x14c4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/30/2014 00:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.4518.1014, Zeitstempel: 0x45428028
Name des fehlerhaften Moduls: mso.dll, Version: 12.0.4518.1014, Zeitstempel: 0x4542867b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x008f4f36
ID des fehlerhaften Prozesses: 0x14b8
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (08/30/2014 10:18:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 31.0.0.5310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1610

Startzeit: 01cfc42af76476eb

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 43b87255-301e-11e4-b948-60eb69e20f15

Error: (08/27/2014 09:58:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00f24a80
ID des fehlerhaften Prozesses: 0x3084
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/27/2014 06:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d22abd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012124
ID des fehlerhaften Prozesses: 0x14c8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/27/2014 06:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d22abd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012124
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/27/2014 06:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d22abd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012124
ID des fehlerhaften Prozesses: 0x27ec
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/27/2014 06:08:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17239, Zeitstempel: 0x53d22946
Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17239, Zeitstempel: 0x53d22abd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012124
ID des fehlerhaften Prozesses: 0x22b8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (08/27/2014 06:04:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 247c

Startzeit: 01cfc2107a25e443

Endzeit: 38

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (08/23/2014 01:15:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xb94
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (08/31/2014 00:27:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/31/2014 00:27:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (08/31/2014 00:25:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/31/2014 00:24:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/30/2014 04:42:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/30/2014 04:42:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (08/30/2014 04:38:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/30/2014 04:38:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/28/2014 08:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/28/2014 08:00:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.


Microsoft Office Sessions:
=========================
Error: (08/30/2014 00:45:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 67812 seconds with 8520 seconds of active time.  This session ended with a crash.

Error: (05/23/2014 00:21:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1633 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (05/23/2014 11:53:12 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/12/2014 02:39:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 50 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-29 15:50:44.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-28 18:14:32.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-28 16:51:15.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 18:36:42.373
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-27 18:19:06.757
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-26 17:03:15.390
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-26 16:59:58.661
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-26 16:47:23.141
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-26 16:46:29.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-26 16:41:30.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 60%
Total physical RAM: 3764.48 MB
Available physical RAM: 1473.64 MB
Total Pagefile: 7527.15 MB
Available Pagefile: 4711.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:419.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CDF7DE9A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by Acer (administrator) on ACER-PC on 31-08-2014 13:00:29
Running from C:\Users\Acer\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\Acer\AppData\Local\fst_de_139\upfst_de_139.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe
() C:\Program Files (x86)\fst_de_139\fst_de_139.exe
(Dropbox, Inc.) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Farbar) C:\Users\Acer\Desktop\2. FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [fst_de_139] => C:\Program Files (x86)\fst_de_139\fst_de_139.exe [3980744 2014-08-14] ()
HKLM-x32\...\RunOnce: [upfst_de_139.exe] => C:\Users\Acer\AppData\Local\fst_de_139\upfst_de_139.exe [3353592 2014-08-14] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-09] (Google Inc.)
HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\MountPoints2: {70581620-18ce-11e4-b22d-60eb69e20f15} - E:\Startme.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-15] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-15] (Client Connect LTD)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MBD78D631-DEA1-46C7-B527-5708ACD7C86F&SearchSource=55&CUI=&UM=2&UP=SP6BC68B77-E619-473C-85B7-D484BE855FF5&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MBD78D631-DEA1-46C7-B527-5708ACD7C86F&SearchSource=58&CUI=&UM=2&UP=SP6BC68B77-E619-473C-85B7-D484BE855FF5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MBD78D631-DEA1-46C7-B527-5708ACD7C86F&SearchSource=58&CUI=&UM=2&UP=SP6BC68B77-E619-473C-85B7-D484BE855FF5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
BHO: Browsers Apps -> {11111111-1111-1111-1111-110611171187} -> C:\Program Files (x86)\Browsers Apps\Browsers Apps-bho64.dll (app)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: ToggleMark -> {dc59a866-959c-4638-a191-c13177d0bd68} -> C:\Program Files (x86)\ToggleMark\ToggleMarkbho.dll (ToggleMark)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-03-07]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\jxs2304l.default\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-05] (AVAST Software)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36424 2014-08-14] (Just Develop It)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2991552 2014-08-15] (Client Connect LTD)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-16] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-16] (globalUpdate) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-16] (Cherished Technololgy LIMITED) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 Update ToggleMark; C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [323360 2014-08-30] ()
R2 Util ToggleMark; C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe [323360 2014-08-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-05] ()
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64; C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [61120 2014-08-16] (StdLib)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 13:00 - 2014-08-31 13:00 - 00018578 _____ () C:\Users\Acer\Desktop\FRST.txt
2014-08-31 13:00 - 2014-08-31 13:00 - 00000000 ____D () C:\FRST
2014-08-31 12:59 - 2014-08-31 12:59 - 02103808 _____ (Farbar) C:\Users\Acer\Desktop\2. FRST64.exe
2014-08-31 12:58 - 2014-08-31 12:58 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2014-08-31 12:58 - 2014-08-31 12:58 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-31 12:57 - 2014-08-31 12:57 - 00050477 _____ () C:\Users\Acer\Desktop\1. Defogger.exe
2014-08-30 16:33 - 2014-08-31 12:31 - 00000000 ____D () C:\Users\Acer\Desktop\Alte Firefox-Daten
2014-08-30 15:37 - 2014-08-30 15:39 - 00000000 ____D () C:\Users\Acer\Desktop\Dateien Ronya 30.08.2014
2014-08-30 15:37 - 2014-08-30 15:37 - 00000000 ____D () C:\Users\Acer\Desktop\Alte Firefox-Daten - Kopie
2014-08-30 10:17 - 2014-08-30 10:18 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\BRT
2014-08-28 08:06 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:06 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:06 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 08:32 - 2014-08-24 10:30 - 00000000 ____D () C:\Users\Acer\AppData\Local\Microsoft Games
2014-08-23 13:15 - 2014-08-16 23:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-08-23 12:13 - 2014-08-28 08:09 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-08-23 12:13 - 2014-08-23 12:13 - 00000000 ____D () C:\Users\Acer\AppData\Local\SearchProtect
2014-08-23 12:13 - 2014-08-23 12:13 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-21 08:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 08:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 08:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 08:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 08:54 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 08:54 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 08:54 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 08:54 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 08:54 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 08:54 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 08:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 08:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 08:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 08:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-16 20:24 - 2014-08-31 12:27 - 00000614 _____ () C:\Windows\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76.job
2014-08-16 20:24 - 2014-08-31 12:26 - 00003796 _____ () C:\Windows\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c.job
2014-08-16 20:24 - 2014-08-31 12:26 - 00002494 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.job
2014-08-16 20:24 - 2014-08-31 12:26 - 00001826 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1.job
2014-08-16 20:24 - 2014-08-31 12:26 - 00001718 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5_user.job
2014-08-16 20:24 - 2014-08-31 12:26 - 00001698 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.job
2014-08-16 20:24 - 2014-08-31 12:26 - 00001438 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.job
2014-08-16 20:24 - 2014-08-31 12:24 - 00000276 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-08-16 20:24 - 2014-08-16 20:24 - 00006826 _____ () C:\Windows\System32\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c
2014-08-16 20:24 - 2014-08-16 20:24 - 00005524 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4
2014-08-16 20:24 - 2014-08-16 20:24 - 00004856 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1
2014-08-16 20:24 - 2014-08-16 20:24 - 00004728 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5
2014-08-16 20:24 - 2014-08-16 20:24 - 00004468 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2
2014-08-16 20:24 - 2014-08-16 20:24 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-16 20:24 - 2014-08-16 20:24 - 00003636 _____ () C:\Windows\System32\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76
2014-08-16 20:24 - 2014-08-16 20:24 - 00003210 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-08-16 20:24 - 2014-08-16 20:24 - 00002498 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-08-16 20:24 - 2014-08-16 20:24 - 00001973 _____ () C:\Users\Acer\Desktop\Sync Folder.lnk
2014-08-16 20:24 - 2014-08-16 20:24 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-16 20:24 - 2014-08-16 20:24 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-16 20:24 - 2014-08-16 20:24 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-16 20:23 - 2014-08-31 12:31 - 00000270 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-08-16 20:23 - 2014-08-31 12:30 - 00000000 ____D () C:\Users\Acer\AppData\Local\fst_de_139
2014-08-16 20:23 - 2014-08-31 12:26 - 00004478 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.job
2014-08-16 20:23 - 2014-08-31 12:26 - 00003796 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.job
2014-08-16 20:23 - 2014-08-31 12:26 - 00000884 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-16 20:23 - 2014-08-31 12:19 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-16 20:23 - 2014-08-16 20:24 - 00007508 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11
2014-08-16 20:23 - 2014-08-16 20:24 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-08-16 20:23 - 2014-08-16 20:23 - 00006826 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3
2014-08-16 20:23 - 2014-08-16 20:23 - 00003886 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-16 20:23 - 2014-08-16 20:23 - 00003632 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-16 20:23 - 2014-08-16 20:23 - 00001169 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-08-16 20:23 - 2014-08-16 20:23 - 00001091 _____ () C:\Users\Acer\Desktop\MyPC Backup.lnk
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\VOPackage
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Uniblue
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\istartsurf
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Local\globalUpdate
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\fst_de_139
2014-08-16 20:22 - 2014-08-16 20:22 - 01373824 _____ () C:\Users\Acer\Downloads\Player.exe
2014-08-15 10:14 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 10:14 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 10:14 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 10:14 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 10:14 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 10:14 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 10:13 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 10:13 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 06:50 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 06:50 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 06:50 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 06:50 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 06:50 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 06:50 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 06:50 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 06:50 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 06:50 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 06:50 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 06:50 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 06:50 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 06:50 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 06:50 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 06:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 06:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 06:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 06:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 06:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 06:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 06:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 06:49 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 06:49 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 06:49 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 06:49 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 06:49 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 06:49 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 06:49 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 06:49 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 06:49 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 06:49 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 06:49 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 06:49 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 06:49 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 06:49 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 06:49 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 06:49 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 06:49 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 06:49 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 06:49 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 06:49 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 06:49 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 06:49 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 06:49 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 06:49 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 06:49 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 06:49 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 06:49 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 06:49 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 06:49 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 06:49 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 06:49 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 06:49 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 06:49 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 06:49 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 06:49 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 06:49 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 06:49 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 06:49 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 06:49 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 06:49 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 06:49 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 06:49 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 06:49 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 06:49 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 06:49 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 06:49 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 06:49 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 06:49 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 06:49 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 06:49 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 06:49 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 06:49 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 06:49 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:49 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:49 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 06:49 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 06:49 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 06:49 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 06:49 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 06:49 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 06:49 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 06:49 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 06:49 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-09 12:21 - 2014-08-09 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZIMPEL
2014-08-09 12:21 - 2014-08-09 12:21 - 00000000 ____D () C:\Program Files (x86)\ZDATA2
2014-08-05 23:03 - 2014-08-05 23:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-05 23:03 - 2014-08-05 23:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 13:00 - 2014-08-31 13:00 - 00018578 _____ () C:\Users\Acer\Desktop\FRST.txt
2014-08-31 13:00 - 2014-08-31 13:00 - 00000000 ____D () C:\FRST
2014-08-31 12:59 - 2014-08-31 12:59 - 02103808 _____ (Farbar) C:\Users\Acer\Desktop\2. FRST64.exe
2014-08-31 12:58 - 2014-08-31 12:58 - 00000470 _____ () C:\Users\Acer\Desktop\defogger_disable.log
2014-08-31 12:58 - 2014-08-31 12:58 - 00000000 _____ () C:\Users\Acer\defogger_reenable
2014-08-31 12:58 - 2014-01-23 14:20 - 00000000 ____D () C:\Users\Acer
2014-08-31 12:57 - 2014-08-31 12:57 - 00050477 _____ () C:\Users\Acer\Desktop\1. Defogger.exe
2014-08-31 12:53 - 2014-02-09 15:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 12:50 - 2014-03-18 16:03 - 00000000 ___RD () C:\Users\Acer\Desktop\Dropbox
2014-08-31 12:35 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 12:35 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 12:33 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 12:33 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 12:33 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 12:32 - 2014-01-23 13:18 - 01793156 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 12:31 - 2014-08-30 16:33 - 00000000 ____D () C:\Users\Acer\Desktop\Alte Firefox-Daten
2014-08-31 12:31 - 2014-08-16 20:23 - 00000270 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-08-31 12:30 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Local\fst_de_139
2014-08-31 12:29 - 2014-02-09 15:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 12:28 - 2014-03-07 11:07 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Dropbox
2014-08-31 12:27 - 2014-08-16 20:24 - 00000614 _____ () C:\Windows\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76.job
2014-08-31 12:27 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-31 12:26 - 2014-08-16 20:24 - 00003796 _____ () C:\Windows\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c.job
2014-08-31 12:26 - 2014-08-16 20:24 - 00002494 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.job
2014-08-31 12:26 - 2014-08-16 20:24 - 00001826 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1.job
2014-08-31 12:26 - 2014-08-16 20:24 - 00001718 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5_user.job
2014-08-31 12:26 - 2014-08-16 20:24 - 00001698 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.job
2014-08-31 12:26 - 2014-08-16 20:24 - 00001438 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.job
2014-08-31 12:26 - 2014-08-16 20:23 - 00004478 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.job
2014-08-31 12:26 - 2014-08-16 20:23 - 00003796 _____ () C:\Windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.job
2014-08-31 12:26 - 2014-08-16 20:23 - 00000884 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-31 12:26 - 2014-03-07 11:28 - 00000324 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-08-31 12:26 - 2014-02-09 15:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 12:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 12:26 - 2009-07-14 06:51 - 00045369 _____ () C:\Windows\setupact.log
2014-08-31 12:24 - 2014-08-16 20:24 - 00000276 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-08-31 12:19 - 2014-08-16 20:23 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-31 12:19 - 2014-02-09 15:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-30 16:41 - 2009-07-14 06:45 - 00413984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 16:16 - 2014-03-07 11:39 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-08-30 15:39 - 2014-08-30 15:37 - 00000000 ____D () C:\Users\Acer\Desktop\Dateien Ronya 30.08.2014
2014-08-30 15:37 - 2014-08-30 15:37 - 00000000 ____D () C:\Users\Acer\Desktop\Alte Firefox-Daten - Kopie
2014-08-30 10:18 - 2014-08-30 10:17 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\BRT
2014-08-28 08:09 - 2014-08-23 12:13 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-08-24 18:46 - 2014-02-09 15:32 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Google
2014-08-24 10:30 - 2014-08-24 08:32 - 00000000 ____D () C:\Users\Acer\AppData\Local\Microsoft Games
2014-08-23 20:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 12:13 - 2014-08-23 12:13 - 00000000 ____D () C:\Users\Acer\AppData\Local\SearchProtect
2014-08-23 12:13 - 2014-08-23 12:13 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-23 04:07 - 2014-08-28 08:06 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 08:06 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 08:06 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 14:28 - 2014-01-23 17:18 - 00038554 _____ () C:\Windows\PFRO.log
2014-08-16 23:49 - 2014-08-23 13:15 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-08-16 20:24 - 2014-08-16 20:24 - 00006826 _____ () C:\Windows\System32\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c
2014-08-16 20:24 - 2014-08-16 20:24 - 00005524 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4
2014-08-16 20:24 - 2014-08-16 20:24 - 00004856 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1
2014-08-16 20:24 - 2014-08-16 20:24 - 00004728 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5
2014-08-16 20:24 - 2014-08-16 20:24 - 00004468 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2
2014-08-16 20:24 - 2014-08-16 20:24 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-16 20:24 - 2014-08-16 20:24 - 00003636 _____ () C:\Windows\System32\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76
2014-08-16 20:24 - 2014-08-16 20:24 - 00003210 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-08-16 20:24 - 2014-08-16 20:24 - 00002498 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-08-16 20:24 - 2014-08-16 20:24 - 00001973 _____ () C:\Users\Acer\Desktop\Sync Folder.lnk
2014-08-16 20:24 - 2014-08-16 20:24 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-16 20:24 - 2014-08-16 20:24 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-16 20:24 - 2014-08-16 20:24 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-16 20:24 - 2014-08-16 20:23 - 00007508 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11
2014-08-16 20:24 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-08-16 20:23 - 2014-08-16 20:23 - 00006826 _____ () C:\Windows\System32\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3
2014-08-16 20:23 - 2014-08-16 20:23 - 00003886 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-16 20:23 - 2014-08-16 20:23 - 00003632 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-16 20:23 - 2014-08-16 20:23 - 00001169 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-08-16 20:23 - 2014-08-16 20:23 - 00001091 _____ () C:\Users\Acer\Desktop\MyPC Backup.lnk
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\VOPackage
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Uniblue
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\istartsurf
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Users\Acer\AppData\Local\globalUpdate
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-16 20:23 - 2014-08-16 20:23 - 00000000 ____D () C:\Program Files (x86)\fst_de_139
2014-08-16 20:23 - 2014-02-09 15:32 - 00001369 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 20:23 - 2014-01-23 14:20 - 00001643 _____ () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-16 20:22 - 2014-08-16 20:22 - 01373824 _____ () C:\Users\Acer\Downloads\Player.exe
2014-08-16 19:18 - 2014-03-07 11:39 - 00000000 ____D () C:\ProgramData\Skype
2014-08-16 13:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 17:11 - 2014-03-07 11:09 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 10:19 - 2014-01-24 09:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 10:18 - 2014-01-24 09:49 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 10:13 - 2014-05-23 11:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-09 12:21 - 2014-08-09 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZIMPEL
2014-08-09 12:21 - 2014-08-09 12:21 - 00000000 ____D () C:\Program Files (x86)\ZDATA2
2014-08-07 04:06 - 2014-08-14 06:49 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 06:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 23:03 - 2014-08-05 23:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-05 23:03 - 2014-08-05 23:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-05 23:03 - 2014-02-09 15:23 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-05 23:03 - 2014-02-09 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-05 23:03 - 2014-02-09 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-05 23:03 - 2014-02-09 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-05 23:03 - 2014-02-09 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-05 23:03 - 2014-02-09 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-05 23:03 - 2014-02-09 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-05 23:03 - 2014-02-09 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-05 23:03 - 2014-02-09 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-05 09:20 - 2014-01-24 09:42 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-01 01:41 - 2014-08-14 06:49 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-14 06:49 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\BackupSetup.exe
C:\Users\Acer\AppData\Local\Temp\dlLogic.exe
C:\Users\Acer\AppData\Local\Temp\dltr.exe
C:\Users\Acer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizqgob.dll
C:\Users\Acer\AppData\Local\Temp\GCVerifier.dll
C:\Users\Acer\AppData\Local\Temp\nscF38A.exe
C:\Users\Acer\AppData\Local\Temp\nshB530.exe
C:\Users\Acer\AppData\Local\Temp\nsrAF55.exe
C:\Users\Acer\AppData\Local\Temp\nswFF9B.exe
C:\Users\Acer\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Acer\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 20:04

==================== End Of Log ============================
         


Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-31 13:20:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kxldrpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                                                        fffff80002fbb000 45 bytes [00, 00, 84, 02, 4D, 6D, 64, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574                                                                                                                                                                                                        fffff80002fbb02e 17 bytes [C0, 02, 00, 00, B8, 0F, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                               000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\services.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                               000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                               000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\atiesrxx.exe[344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                               000000007762ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                000000007762ef8d 1 byte [62]
.text     C:\Windows\system32\Dwm.exe[1532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                   000000007762ef8d 1 byte [62]
.text     C:\Windows\Explorer.EXE[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                       000000007762ef8d 1 byte [62]
.text     C:\ProgramData\IePluginServices\PluginService.exe[1656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                             00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\SupTab\HpUI.exe[1720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                        00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                  00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\SupTab\Loader32.exe[2024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                    00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\ToggleMark\updateToggleMark.exe[2300] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                        00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe[2576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                      00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe[2576] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                                    0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe[2576] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                                   0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[2848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                              00000000771fa2fd 1 byte [62]
.text     C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                            0000000076b31465 2 bytes [B3, 76]
.text     C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                           0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2876] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                           00000000771fa2fd 1 byte [62]
.text     C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                        00000000771fa2fd 1 byte [62]
.text     C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                      0000000076b31465 2 bytes [B3, 76]
.text     C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                     0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[3368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                 00000000771fa2fd 1 byte [62]
.text     C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                               0000000076b31465 2 bytes [B3, 76]
.text     C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                              0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Users\Acer\AppData\Local\fst_de_139\upfst_de_139.exe[3848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                       00000000771fa2fd 1 byte [62]
.text     C:\Users\Acer\AppData\Local\fst_de_139\upfst_de_139.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                     0000000076b31465 2 bytes [B3, 76]
.text     C:\Users\Acer\AppData\Local\fst_de_139\upfst_de_139.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                    0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                               000000007762ef8d 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                000000007762ef8d 1 byte [62]
.text     C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                        000000007762ef8d 1 byte [62]
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                 000000007762ef8d 1 byte [62]
.text     C:\Windows\System32\igfxpers.exe[4048] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                              000000007762ef8d 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4168] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                 00000000771fa2fd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[4236] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                                      00000000771d8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[4236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                             00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                        00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe[4400] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                               00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe[4400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                             0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe[4400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                            0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\fst_de_139\fst_de_139.exe[4488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                              00000000771fa2fd 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[4700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                            000000007762ef8d 1 byte [62]
.text     C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                         00000000771fa2fd 1 byte [62]
.text     C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                                                       0000000076b31465 2 bytes [B3, 76]
.text     C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                                                      0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe[4912] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                                                                                            000000007762ef8d 1 byte [62]
.text     C:\Program Files (x86)\Nero\Update\NASvc.exe[4408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                  00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                00000000771fa2fd 1 byte [62]
.text     C:\Program Files\Internet Explorer\iexplore.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                                                                                                          0000000077813b10 6 bytes {NOP ; JMP 0xffffffff889ecc4c}
.text     C:\Program Files\Internet Explorer\iexplore.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                                                                                                            0000000077817ac0 6 bytes {NOP ; JMP 0xffffffff889e88e4}
.text     C:\Program Files\Internet Explorer\iexplore.exe[2744] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                                                                                               000000007762ef8d 1 byte [62]
.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                          00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                        0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                       0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                                                      0000000077a0c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8080] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                                                    0000000077a11287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8080] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                         00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                       0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                      0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11116] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                                                     0000000077a0c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11116] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                                                   0000000077a11287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11116] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                        00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                      0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                     0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11148] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                                                     0000000077a0c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11148] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                                                   0000000077a11287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11148] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                        00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                      0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                     0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1420] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                                                                                      0000000077a0c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1420] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                                                                                                    0000000077a11287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1420] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                                                                                                         00000000771fa2fd 1 byte [62]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                                       0000000076b31465 2 bytes [B3, 76]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                                      0000000076b314bb 2 bytes [B3, 76]
.text     ...                                                                                                                                                                                                                                                                       * 2
.text     C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KMEIB7Q\Gmer-19357.exe[7548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    00000000771fa2fd 1 byte [62]
---- Processes - GMER 2.1 ----

Process   C:\ProgramData\IePluginServices\PluginService.exe (*** suspicious ***) @ C:\ProgramData\IePluginServices\PluginService.exe [1656] (IePlugin Service/Cherished Technololgy LIMITED)(2014-08-16 18:24:34)                                                                   00000000010b0000
Library   C:\Users\Acer\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2014-07-30 00:20:20)                                                                                                       0000000004090000
Library   c:\users\acer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizqgob.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2014-08-31 10:28:08)                                                         00000000044e0000
Library   C:\Users\Acer\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2013-08-23 19:01:44)                                                                                                             0000000063870000
Library   C:\Users\Acer\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                                                                               00000000651b0000
Process   C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KMEIB7Q\Gmer-19357.exe (*** suspicious ***) @ C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KMEIB7Q\Gmer-19357.exe [7548](2014-08-31 11:04:58)  0000000000400000

---- EOF - GMER 2.1 ----
         

31.08.2014, 13:34   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this addition:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


31.08.2014, 16:31   #3
Ronyafee23
 



Hello Schreiber,

thank you for replying to me so quickly. Attached is the requested log file!

Code:
ComboFix 14-08-31.01 - Acer 31.08.2014  17:02:05.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3764.2201 [GMT 2:00]
ausgeführt von:: c:\users\Acer\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome.manifest
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\1e89c45c1108700f162b469471ed9f0c.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\309c3a4ae8cc4c972ce6ea701b5118a0.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\457b78235608c2e3b85d5d310dce94f6.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\54e4d53679f9269669f4be91c278f3ba.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\714c13d6c2d2775844af893a8904712e.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\904321a364222562a9fcdc78a7390367.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\0cb10e1c78d04c5f5c087603095aae19.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\15a7d4c44ea4f7ec7dd5dec6c9411a54.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\2f81515a1c1fd0596b322fbaa4a62ab2.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\397150062765da0bc0801b2ad27c22f2.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\6f43007b5a6b32150e456eebb59a0412.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\7427c71c6d8b1539ce6d8942e83064da.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\81f429afa70938e51f5f9ce082d44fba.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\8c1bf3a88b6f47bbcfabe0b82940590c.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\8d0160b184a292b488f823f2aebb3d6e.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\8f6031d191fcba396c9251619af518a8.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\9184588fad5b8fe035dea47365c1d3b3.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\962b55b08d88d44d1e0ae1e0cd9eb368.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\a7fa8d6a7059cf10d1783e9a2293e84f.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\ae092c05ab85bcaf7420975fc92d16b6.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\c11566a5a4c1373ea8e22e3010aa79d1.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\api\dd63a532cfb57bf8634ec10d0c47d784.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\background.html
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\browser.xul
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\032cbfdf48610909988c6c4d520edc28.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\0bf712bc06d04e30ee933d63d05c0243.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\21e1c6ab53c7be192324e00ad8ea5436.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\2ad1d7c95c952e49d9263aab3aaec424.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\3d36d78a54e3734772756904dbdef9d3.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\43d7643b43947abaf1fca820390027e5.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\457d0fa0c633a49d91513ae8734aa894.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\46005e1a619a427308fe3008261730a4.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\4cf2d2d98a5dafd31fad4dd7dd34fb5f.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\6ffb4a9f71505d2d9755cb46b901a173.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\7a3741a5f1524f53ace04e73711dc7bc.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\83706c1dccff920b6ec7c7761a290311.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\8f8f3a5ba7af11c3a890a2005bf73d09.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\a9953ba8b74fa07dfd4f52751bc51677.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\be072f31b4136d2b5c241438046ccb9c.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\c02e664e7000cca858bc13e255913a1d.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\df262e2e73ef9f95bc0c54e566430d8a.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\e4d9ce28ad7743e131ffed7d02e3982f.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\eb55e1231106c5247b80d7aa348143f9.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\f4b7d3336a04cdedb7a3f52ad6e640b9.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\core\installer.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\dialog.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\options.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\options.xul
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\chrome\content\search_dialog.xul
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\defaults\preferences\prefs.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\manifest.xml
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins.json
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\102.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\104.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\13.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\14.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\16.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\17.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\180.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\184.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\190.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\191.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\192.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\195.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\220.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\221.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\223.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\226.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\233.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\242.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\246.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\260.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\262.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\263.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\268.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\273.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\275.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\281.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\289.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\300.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\4.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\47.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\64.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\7.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\78.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\9.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\91.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\plugins\93.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\userCode\background.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\extensionData\userCode\extension.js
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\install.rdf
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\locale\en-US\translations.dtd
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\button1.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\button2.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\button3.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\button4.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\button5.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\crossrider_statusbar.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\icon128.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\icon16.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\icon24.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\icon48.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\panelarrow-up.png
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\popup.html
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\skin.css
c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\extensions\herman.thorne45@outlook.com\skin\update.css
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-28 bis 2014-08-31  ))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48	203576	------w-	c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2014-08-31 15:07 . 2014-08-31 15:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-31 15:07 . 2014-08-31 15:07	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-08-31 13:35 . 2014-08-31 13:35	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-08-31 11:00 . 2014-08-31 11:02	--------	d-----w-	C:\FRST
2014-08-30 08:17 . 2014-08-30 08:18	--------	d-----w-	c:\users\Acer\AppData\Roaming\BRT
2014-08-29 06:22 . 2014-08-21 03:43	11319192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{007997E7-F75A-4446-A36A-1FA5994CA5FB}\mpengine.dll
2014-08-28 06:06 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 06:06 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-28 06:06 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-24 06:32 . 2014-08-24 08:30	--------	d-----w-	c:\users\Acer\AppData\Local\Microsoft Games
2014-08-23 11:15 . 2014-08-16 21:49	61120	----a-w-	c:\windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-08-23 10:13 . 2014-08-28 06:09	--------	d-----w-	c:\program files (x86)\ToggleMark
2014-08-23 10:13 . 2014-08-23 10:13	--------	d-----w-	c:\users\Acer\AppData\Local\SearchProtect
2014-08-21 06:55 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-08-21 06:55 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-21 06:55 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-08-21 06:55 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-21 06:54 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-08-21 06:54 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-21 06:54 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-08-21 06:54 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-21 06:54 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-08-21 06:54 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-21 06:54 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-21 06:54 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-08-21 06:54 . 2014-05-14 07:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-21 06:54 . 2014-05-14 07:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-08-16 18:24 . 2014-08-16 18:24	--------	d-----w-	c:\programdata\IePluginServices
2014-08-16 18:24 . 2014-08-16 18:24	--------	d-----w-	c:\program files (x86)\SupTab
2014-08-16 18:24 . 2014-08-16 18:24	--------	d-----w-	c:\programdata\WindowsMangerProtect
2014-08-16 18:23 . 2014-08-16 18:23	--------	d-----w-	c:\users\Acer\AppData\Roaming\VOPackage
2014-08-16 18:23 . 2014-08-16 18:23	--------	d-----w-	c:\users\Acer\AppData\Local\globalUpdate
2014-08-16 18:23 . 2014-08-16 18:23	--------	d-----w-	c:\program files (x86)\globalUpdate
2014-08-16 18:23 . 2014-08-31 13:51	--------	d-----w-	c:\program files (x86)\Uniblue
2014-08-16 18:23 . 2014-08-16 18:23	--------	d-----w-	c:\users\Acer\AppData\Roaming\Uniblue
2014-08-16 18:23 . 2014-08-21 17:47	--------	d-----w-	c:\program files (x86)\Browsers Apps
2014-08-16 18:23 . 2014-08-16 18:23	--------	d-----w-	c:\users\Acer\AppData\Roaming\istartsurf
2014-08-16 18:23 . 2014-08-31 13:33	--------	d-----w-	c:\users\Acer\AppData\Local\fst_de_139
2014-08-16 18:23 . 2014-08-16 18:23	--------	d-----w-	c:\program files (x86)\fst_de_139
2014-08-15 08:14 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-15 08:14 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-15 08:14 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-15 08:14 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-15 08:14 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-15 08:14 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-15 08:13 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 08:13 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-14 04:49 . 2014-06-16 02:10	985536	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-09 10:21 . 2014-08-09 10:21	--------	d-----w-	c:\program files (x86)\ZDATA2
2014-08-05 21:03 . 2014-08-05 21:03	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-08-05 21:03 . 2014-08-05 21:03	43152	----a-w-	c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 08:18 . 2014-01-24 07:49	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-15 06:04 . 2014-08-15 06:04	232896	----a-w-	c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-08-05 21:03 . 2014-02-09 13:21	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-08-05 21:03 . 2014-02-09 13:21	92008	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-08-05 21:03 . 2014-02-09 13:21	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-08-05 21:03 . 2014-02-09 13:21	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-08-05 21:03 . 2014-02-09 13:21	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-08-05 21:03 . 2014-02-09 13:21	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-08-05 21:03 . 2014-02-09 13:21	1041168	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-08-05 21:03 . 2014-02-09 13:21	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-08-05 07:20 . 2014-01-24 07:42	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-08 19:29 . 2014-02-09 13:59	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 19:29 . 2014-02-09 13:59	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-09 06:56	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 06:56	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 06:56	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 06:56	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 06:55	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 06:55	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 06:55	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-08-16 18:24	507904	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{dc59a866-959c-4638-a191-c13177d0bd68}]
2014-08-23 08:44	250144	----a-w-	c:\program files (x86)\ToggleMark\ToggleMarkBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-05 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
"fst_de_139"="c:\program files (x86)\fst_de_139\fst_de_139.exe" [2014-08-14 3980744]
.
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys;c:\windows\SYSNATIVE\drivers\farmntio.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;c:\windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update ToggleMark;Update ToggleMark;c:\program files (x86)\ToggleMark\updateToggleMark.exe;c:\program files (x86)\ToggleMark\updateToggleMark.exe [x]
S2 Util ToggleMark;Util ToggleMark;c:\program files (x86)\ToggleMark\bin\utilToggleMark.exe;c:\program files (x86)\ToggleMark\bin\utilToggleMark.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-1.job
- c:\program files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-11.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-2.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-3.exe [2014-08-16 18:23]
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5_user.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-5.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\9bb4abbc-f0f4-4bee-95d2-6af96119964c.job
- c:\program files (x86)\Browsers Apps\5a68d3d9-199d-44ef-8c83-1381a3dd6959-4.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-09 19:29]
.
2014-08-31 c:\windows\Tasks\f7a1f89a-506f-4193-938d-d7e90e4c7c76.job
- c:\program files (x86)\Browsers Apps\f7a1f89a-506f-4193-938d-d7e90e4c7c76.exe [2014-08-16 18:24]
.
2014-08-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2014-03-07 15:51]
.
2014-08-31 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-16 18:23]
.
2014-08-31 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-16 18:23]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09 13:21]
.
2014-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09 13:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-05 21:03	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MBD78D631-DEA1-46C7-B527-5708ACD7C86F&SearchSource=55&CUI=&UM=2&UP=SP6BC68B77-E619-473C-85B7-D484BE855FF5&SSPV=
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms}
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\exk1qoof.default-1409481081161\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110611171187} - (no file)
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-31  17:09:07
ComboFix-quarantined-files.txt  2014-08-31 15:09
ComboFix2.txt  2014-08-31 13:58
.
Vor Suchlauf: 12 Verzeichnis(se), 450.328.969.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 450.030.739.456 Bytes frei
.
- - End Of File - - B0A4F30057397D56C2C1EC845FB98031
         
__________________

01.09.2014, 10:53   #4
schrauber
/// the machine
/// TB trainer

Virus attack before bachelor's defense!


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
