Win 7: Mozilla does not open any pages: Iminent adware/virus/toolbar
Hello,
I wasn't paying attention during an installation and picked up the Iminent adware and, I think, more besides. In any case, afterwards I had the Iminent toolbar and start page in Mozilla Firefox.
I then ran Malwarebytes Anti-Malware, and it did find quite a few things:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10.04.2014
Scan Time: 14:13:49
Logfile: malwarebytes 1.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.09.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Greg
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244239
Time Elapsed: 59 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.exe, 3140, Delete-on-Reboot, [390e6cbc631856e04a3b1f43bc46847c]
Modules: 0
(No malicious items detected)
Registry Keys: 46
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\CLASSES\APPID\{76A60138-58B3-4e27-85FB-8FEF344A8998}, Quarantined, [0641f830fb803501f326d638857d03fd],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{76A60138-58B3-4E27-85FB-8FEF344A8998}, Quarantined, [0641f830fb803501f326d638857d03fd],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\Rr Savings, Quarantined, [192e2602ff7c142235f469f85ba7f50b],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, Quarantined, [86c1a97f7506181e5f4f6003ab577888],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\Rr Savings, Quarantined, [ef585ccc4f2c4de99d8c8ed30ef4a957],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\SupraSavings, Quarantined, [c58250d8641748ee88a3e08127db19e7],
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECUREASSIST, Quarantined, [390e6cbc631856e04a3b1f43bc46847c],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupraSavings, Quarantined, [c7801b0d790256e03d725c07d131c33d],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [7fc840e82f4cd363e6aee67caf53936d],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-571916134-4208678346-963886956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [a7a008209fdca294228e451ed929db25],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{039D611A-7085-4E78-99E1-1BC6F49314C1}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{37A2ED38-A271-4338-92F0-2597C63AB0D6}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F54B9ED-DBB6-4AC2-9136-9598304A4088}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{60EEBE82-A0B9-4D4B-A227-ECF69CE21BB5}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70215BB2-D45B-4D40-A467-32AF0FF8036F}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{820B6267-576D-4A2D-94C4-980D227A0C4E}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EF718B4-A84D-4E46-B365-7DF81E4CF73E}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C1F5E799-B218-4C32-B189-3C389BA140BB}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E8D63DD4-ACE0-47F1-836C-69E60B5366FD}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F60C9408-3110-4C98-A139-ABE1EE1111DD}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{039D611A-7085-4E78-99E1-1BC6F49314C1}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{37A2ED38-A271-4338-92F0-2597C63AB0D6}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F54B9ED-DBB6-4AC2-9136-9598304A4088}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{60EEBE82-A0B9-4D4B-A227-ECF69CE21BB5}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{70215BB2-D45B-4D40-A467-32AF0FF8036F}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{820B6267-576D-4A2D-94C4-980D227A0C4E}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EF718B4-A84D-4E46-B365-7DF81E4CF73E}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C1F5E799-B218-4C32-B189-3C389BA140BB}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E8D63DD4-ACE0-47F1-836C-69E60B5366FD}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F60C9408-3110-4C98-A139-ABE1EE1111DD}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
Registry Values: 1
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECUREASSIST|ImagePath, C:\Program Files\SupraSavings\SecureAssist.exe, Quarantined, [390e6cbc631856e04a3b1f43bc46847c]
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings, Delete-on-Reboot, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings, Quarantined, [e067d454057642f4b392035c60a28f71],
Files: 38
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [63e4c06847349a9c1b58dd6006fa07f9],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [d96eda4e78034de96bc6709f7f857f81],
PUP.Optional.AdPeak.A, C:\Windows\SysWOW64\SecureAssist.dll, Delete-on-Reboot, [59eec66295e6c5714f24b88541bfb749],
PUP.Optional.Iminent.A, C:\Users\Greg\AppData\Local\Temp\n3155\Iminent_1712-b2fcad5e.exe, Quarantined, [5deac0681c5fbf777ab0f14cbf420df3],
PUP.Optional.Rapiddown, C:\Users\Greg\AppData\Local\Temp\n3155\s3155.exe, Quarantined, [c0875fc98deefa3ca3f624366e937789],
PUP.Optional.AdPeak.A, C:\Windows\Installer\10319f.msi, Quarantined, [48ff48e00c6fa78f9fd43607b54b1be5],
PUP.Optional.SupraSavings.A, C:\Windows\Installer\ecdaf.msi, Quarantined, [5ceb8d9bf08b8da951e0d73820e49d63],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.exe, Delete-on-Reboot, [390e6cbc631856e04a3b1f43bc46847c],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\Installbat.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\Installbat64.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\InstallDLL.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\InstallDLL64.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\Microsoft.Deployment.WindowsInstaller.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\Microsoft.Deployment.WindowsInstaller.xml, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\PCProxyDLL64.dll, Delete-on-Reboot, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.tlb, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist64.dll, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssistLSP.exe, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssistLSP.ini, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssistLSP64.exe, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\uninstaller.exe, Quarantined, [9cab9791df9ca5915ce9055a72907b85],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\2rs3.dll, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\background.js, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\CustomActionInstall, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\CustomActionUninstall, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon128.png, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon16.png, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon32.png, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon48.png, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon64.png, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon8.png, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\iwalyk.js, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\manifest.json, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\marcopolo.js, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.dll, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.xml, Quarantined, [e067d454057642f4b392035c60a28f71],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\SendJson.dll, Quarantined, [e067d454057642f4b392035c60a28f71],
Physical Sectors: 0
(No malicious items detected)
(end)
The second scan then found nothing more:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10.04.2014
Scan Time: 14:39:26
Logfile: malwarebytes 2.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.09.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Greg
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 244081
Time Elapsed: 11 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
I wanted to run the ESET scanner, but it tells me: update did not work, proxy? (I don't have a proxy.) I then uninstalled Firefox (with Revo Uninstaller) and reinstalled it. Since then I can't open any website. Firefox tries to connect very briefly, then nothing more happens and the page stays blank.
So here are my log files:
FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Greg (administrator) on ZENBOOKG on 10-04-2014 16:34:04
Running from C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOT3Q6KK
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
() C:\Program Files\003\xmkysecqun64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems, Inc.) C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe
(Dropbox, Inc.) C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Sphinx Software) C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe
(Sphinx Software) C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F6L2U10S\Defogger.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows8FirewallControl] - C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe [1205248 2013-09-30] (Sphinx Software)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2012-09-18] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [153424 2012-01-17] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-571916134-4208678346-963886956-1000\...\Run: [AdobeBridge] - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe [20761960 2012-03-13] (Adobe Systems, Inc.)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://watch.nba.com/nba/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Adobe\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Adobe\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 16 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 16 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\luzyy51h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
==================== Services (Whitelisted) =================
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
S3 RMWPService; C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [20537 2004-01-28] (Apache Software Foundation)
S2 SkypeUpdate; C:\Program Files (x86)\Adobe\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-03-31] (DEVGURU Co., LTD.)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2012-01-17] ()
R2 Windows8FirewallService; C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe [3806720 2013-09-30] (Sphinx Software)
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-09] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-29] (ASUS Corporation)
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows (R) Win 7 DDK provider)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [110592 2012-04-05] (ASIX Electronics Corp.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-25] (DT Soft Ltd)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-04-04] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-04-04] (hxxp://libusb-win32.sourceforge.net)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U3 DfSdkS;
S3 DIRECTIO; \??\c:\BIT_TEMP\DirectIo.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-10 16:33 - 2014-04-10 16:34 - 00000000 ____D () C:\FRST
2014-04-10 16:32 - 2014-04-10 16:32 - 00000540 _____ () C:\Users\Greg\Desktop\defogger_disable.log
2014-04-10 16:32 - 2014-04-10 16:32 - 00000168 _____ () C:\Users\Greg\defogger_reenable
2014-04-10 16:26 - 2014-04-10 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\Program Files\Windows8FirewallControl
2014-04-10 14:56 - 2014-04-10 14:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-10 14:50 - 2014-04-10 14:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 13:13 - 2014-04-10 14:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 13:13 - 2014-04-10 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 13:13 - 2014-04-10 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 13:12 - 2014-04-10 13:13 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Greg\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 13:11 - 2014-04-10 13:11 - 00613200 _____ (Chip Digital GmbH) C:\Users\Greg\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-10 12:59 - 2014-04-10 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-10 12:58 - 2014-04-10 12:58 - 01426178 _____ () C:\Users\Greg\Downloads\adwcleaner.exe
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ___HD () C:\$AVG
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\TuneUp Software
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\AVG2014
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-10 12:15 - 2014-04-10 12:28 - 00000000 ____D () C:\Program Files (x86)\AVG2014
2014-04-10 12:13 - 2014-04-10 12:31 - 00000000 ____D () C:\Users\Greg\AppData\Local\Avg2014
2014-04-10 12:13 - 2014-04-10 12:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-10 12:13 - 2014-04-10 12:13 - 00000000 ____D () C:\Users\Greg\AppData\Local\MFAData
2014-04-10 12:03 - 2014-04-10 12:03 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Auslogics
2014-04-09 00:12 - 2014-04-09 00:12 - 00000000 ____D () C:\Program Files (x86)\zebNet® Thunderbird Backup 2012
2014-04-09 00:12 - 2012-02-22 00:12 - 00069632 _____ (S.A.Dittrich) C:\Windows\SysWOW64\cXPIBrowser.ocx
2014-04-09 00:12 - 2011-12-07 21:38 - 00126976 ____N (S.A.Dittrich) C:\Windows\SysWOW64\cXPINET.ocx
2014-04-09 00:12 - 2011-09-25 23:24 - 00061440 ____N (ASX) C:\Windows\SysWOW64\cXPIInternet.ocx
2014-04-09 00:12 - 2011-09-25 23:22 - 00196608 ____N (ASX) C:\Windows\SysWOW64\CXPICOMCTL.OCX
2014-04-09 00:12 - 2005-04-15 20:58 - 01351392 ____N (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2014-04-09 00:07 - 2014-03-12 16:00 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
2014-04-09 00:05 - 2014-04-09 00:05 - 00000000 ____D () C:\Program Files\003
2014-04-09 00:02 - 2014-04-10 00:12 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\zebNet
2014-04-08 23:59 - 2014-04-09 00:12 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-08 23:59 - 2014-04-08 23:59 - 00001162 _____ () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\zebNet® Backup for Thunderbird® TNG.lnk
2014-04-08 23:59 - 2014-04-08 23:59 - 00000000 ____D () C:\ProgramData\zebNet
2014-04-08 23:59 - 2014-04-08 23:59 - 00000000 ____D () C:\Program Files\zebNet
2014-04-08 23:55 - 2014-04-08 23:55 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-04-08 23:55 - 2014-04-08 16:05 - 00000830 _____ () C:\Users\Greg\Documents\indexfile.txt
2014-04-05 00:31 - 2014-03-31 06:49 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00188232 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00158024 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadserd.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00021320 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys
2014-04-05 00:31 - 2014-03-31 06:48 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcm.sys
2014-04-05 00:29 - 2014-04-05 00:29 - 00000000 ____D () C:\Users\Greg\.android
2014-04-04 23:07 - 2014-04-04 23:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-04-04 23:03 - 2014-03-31 06:49 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-04-04 23:03 - 2014-03-31 06:49 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-04-04 23:03 - 2014-03-31 06:49 - 00109056 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-04-04 22:07 - 2014-04-10 14:17 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 22:07 - 2014-04-04 22:42 - 00000000 ____D () C:\usb_driver
2014-04-04 22:07 - 2014-04-04 22:31 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2014-04-04 22:07 - 2014-04-04 22:31 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2014-04-04 22:07 - 2014-04-04 22:19 - 00238176 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll
2014-04-04 22:07 - 2014-04-04 22:19 - 00170080 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll
2014-04-04 22:07 - 2014-04-04 22:19 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2014-04-04 22:07 - 2014-04-04 22:19 - 00047200 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusbK.sys
2014-04-04 22:07 - 2014-04-04 22:07 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-04-04 22:07 - 2014-04-04 22:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-04-04 21:55 - 2014-04-04 21:55 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-04-04 21:54 - 2014-04-04 21:54 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-04 21:26 - 2014-04-04 21:26 - 00000000 ____D () C:\Users\Greg\AppData\Local\Downloaded Installations
2014-04-04 21:18 - 2014-04-04 21:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-26 22:30 - 2013-11-20 11:26 - 55279480 _____ () C:\Users\Greg\Desktop\gardaseetour 002.tif
2014-03-25 21:52 - 2014-03-25 21:52 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\MPC-HC
2014-03-25 21:51 - 2014-03-25 21:51 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-03-22 11:13 - 2014-03-23 14:28 - 00000000 ____D () C:\Users\Greg\Desktop\pIKKß
2014-03-21 12:27 - 2014-04-09 00:07 - 00005552 _____ () C:\Windows\system32\SecureAssist.ini
2014-03-21 12:27 - 2014-04-09 00:07 - 00002504 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini
2014-03-21 12:27 - 2014-04-09 00:07 - 00002504 _____ () C:\Windows\system32\SecureAssistOff.ini
2014-03-21 12:27 - 2014-03-21 12:27 - 00005696 _____ () C:\Windows\SysWOW64\SecureAssist.ini
2014-03-21 11:46 - 2014-03-21 11:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-14 16:52 - 2014-04-10 16:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 16:52 - 2014-03-14 16:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 20:43 - 2014-03-13 20:43 - 00000000 ____D () C:\Users\Greg\AppData\Local\gtk-2.0
2014-03-13 20:42 - 2014-03-13 20:45 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\banshee-1
2014-03-13 20:42 - 2014-03-13 20:42 - 00000000 ____D () C:\Users\Greg\Documents\.cache
2014-03-13 20:34 - 2014-03-13 20:34 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\MusicBrainz
2014-03-13 20:34 - 2014-03-13 20:34 - 00000000 ____D () C:\Users\Greg\AppData\Local\cache
==================== One Month Modified Files and Folders =======
2014-04-10 16:34 - 2014-04-10 16:33 - 00000000 ____D () C:\FRST
2014-04-10 16:32 - 2014-04-10 16:32 - 00000540 _____ () C:\Users\Greg\Desktop\defogger_disable.log
2014-04-10 16:32 - 2014-04-10 16:32 - 00000168 _____ () C:\Users\Greg\defogger_reenable
2014-04-10 16:32 - 2013-02-11 05:56 - 00000000 ____D () C:\Users\Greg
2014-04-10 16:26 - 2014-04-10 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-10 16:26 - 2013-02-11 11:58 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Mozilla
2014-04-10 16:26 - 2013-02-11 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-10 16:20 - 2009-07-14 07:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 16:19 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 16:19 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 16:17 - 2014-04-10 16:17 - 00000000 ____D () C:\Program Files\Windows8FirewallControl
2014-04-10 16:15 - 2012-09-18 00:11 - 01402701 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 16:13 - 2013-07-13 10:10 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Dropbox
2014-04-10 16:13 - 2012-09-18 00:14 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-10 16:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 16:11 - 2009-07-14 06:51 - 00129801 _____ () C:\Windows\setupact.log
2014-04-10 16:03 - 2014-03-14 16:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 14:56 - 2014-04-10 14:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-10 14:50 - 2014-04-10 14:50 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 14:45 - 2014-04-10 12:59 - 00000000 ____D () C:\AdwCleaner
2014-04-10 14:27 - 2014-04-10 13:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 14:17 - 2014-04-04 22:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 14:17 - 2011-08-28 10:59 - 00495880 _____ () C:\Windows\PFRO.log
2014-04-10 13:13 - 2014-04-10 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 13:13 - 2014-04-10 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 13:13 - 2014-04-10 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Greg\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 13:11 - 2014-04-10 13:11 - 00613200 _____ (Chip Digital GmbH) C:\Users\Greg\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-10 13:10 - 2013-02-14 14:06 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\vlc
2014-04-10 13:03 - 2014-01-25 17:09 - 00000000 ___RD () C:\Users\Greg\Dropbox
2014-04-10 12:58 - 2014-04-10 12:58 - 01426178 _____ () C:\Users\Greg\Downloads\adwcleaner.exe
2014-04-10 12:31 - 2014-04-10 12:13 - 00000000 ____D () C:\Users\Greg\AppData\Local\Avg2014
2014-04-10 12:29 - 2014-04-10 12:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-10 12:28 - 2014-04-10 12:15 - 00000000 ____D () C:\Program Files (x86)\AVG2014
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ___HD () C:\$AVG
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\TuneUp Software
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\AVG2014
2014-04-10 12:16 - 2014-04-10 12:16 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-10 12:13 - 2014-04-10 12:13 - 00000000 ____D () C:\Users\Greg\AppData\Local\MFAData
2014-04-10 12:07 - 2013-03-22 22:20 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-04-10 12:03 - 2014-04-10 12:03 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Auslogics
2014-04-10 00:15 - 2013-02-14 15:39 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Thunderbird
2014-04-10 00:12 - 2014-04-09 00:02 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\zebNet
2014-04-09 00:12 - 2014-04-09 00:12 - 00000000 ____D () C:\Program Files (x86)\zebNet® Thunderbird Backup 2012
2014-04-09 00:12 - 2014-04-08 23:59 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-09 00:07 - 2014-03-21 12:27 - 00005552 _____ () C:\Windows\system32\SecureAssist.ini
2014-04-09 00:07 - 2014-03-21 12:27 - 00002504 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini
2014-04-09 00:07 - 2014-03-21 12:27 - 00002504 _____ () C:\Windows\system32\SecureAssistOff.ini
2014-04-09 00:05 - 2014-04-09 00:05 - 00000000 ____D () C:\Program Files\003
2014-04-09 00:00 - 2013-02-14 15:39 - 00000000 ____D () C:\Users\Greg\AppData\Local\Thunderbird
2014-04-09 00:00 - 2013-02-14 15:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-08 23:59 - 2014-04-08 23:59 - 00001162 _____ () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\zebNet® Backup for Thunderbird® TNG.lnk
2014-04-08 23:59 - 2014-04-08 23:59 - 00000000 ____D () C:\ProgramData\zebNet
2014-04-08 23:59 - 2014-04-08 23:59 - 00000000 ____D () C:\Program Files\zebNet
2014-04-08 23:55 - 2014-04-08 23:55 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-04-08 18:51 - 2012-09-18 00:14 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-08 16:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-08 16:05 - 2014-04-08 23:55 - 00000830 _____ () C:\Users\Greg\Documents\indexfile.txt
2014-04-05 00:29 - 2014-04-05 00:29 - 00000000 ____D () C:\Users\Greg\.android
2014-04-04 23:07 - 2014-04-04 23:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-04-04 22:42 - 2014-04-04 22:07 - 00000000 ____D () C:\usb_driver
2014-04-04 22:31 - 2014-04-04 22:07 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2014-04-04 22:31 - 2014-04-04 22:07 - 00052320 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2014-04-04 22:19 - 2014-04-04 22:07 - 00238176 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll
2014-04-04 22:19 - 2014-04-04 22:07 - 00170080 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll
2014-04-04 22:19 - 2014-04-04 22:07 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2014-04-04 22:19 - 2014-04-04 22:07 - 00047200 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusbK.sys
2014-04-04 22:07 - 2014-04-04 22:07 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-04-04 22:07 - 2014-04-04 22:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-04-04 22:07 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-04 21:55 - 2014-04-04 21:55 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-04-04 21:54 - 2014-04-04 21:54 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-04 21:26 - 2014-04-04 21:26 - 00000000 ____D () C:\Users\Greg\AppData\Local\Downloaded Installations
2014-04-04 21:18 - 2014-04-04 21:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-03 09:51 - 2014-04-10 13:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 06:49 - 2014-04-05 00:31 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-03-31 06:49 - 2014-04-04 23:03 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-03-31 06:49 - 2014-04-04 23:03 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-03-31 06:49 - 2014-04-04 23:03 - 00109056 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00188232 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00158024 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadserd.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00021320 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys
2014-03-31 06:48 - 2014-04-05 00:31 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcm.sys
2014-03-30 23:03 - 2013-02-14 14:08 - 00000000 ____D () C:\Users\Greg\AppData\Local\QuickPar
2014-03-30 22:31 - 2013-02-11 12:12 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\GrabIt
2014-03-27 11:36 - 2013-03-07 22:20 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\dvdcss
2014-03-25 21:52 - 2014-03-25 21:52 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\MPC-HC
2014-03-25 21:51 - 2014-03-25 21:51 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-03-23 14:28 - 2014-03-22 11:13 - 00000000 ____D () C:\Users\Greg\Desktop\pIKKß
2014-03-21 12:27 - 2014-03-21 12:27 - 00005696 _____ () C:\Windows\SysWOW64\SecureAssist.ini
2014-03-21 11:46 - 2014-03-21 11:46 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-14 16:56 - 2014-03-14 16:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-14 16:56 - 2013-03-13 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-14 16:56 - 2013-03-13 13:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 20:45 - 2014-03-13 20:42 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\banshee-1
2014-03-13 20:43 - 2014-03-13 20:43 - 00000000 ____D () C:\Users\Greg\AppData\Local\gtk-2.0
2014-03-13 20:42 - 2014-03-13 20:42 - 00000000 ____D () C:\Users\Greg\Documents\.cache
2014-03-13 20:34 - 2014-03-13 20:34 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\MusicBrainz
2014-03-13 20:34 - 2014-03-13 20:34 - 00000000 ____D () C:\Users\Greg\AppData\Local\cache
2014-03-12 16:00 - 2014-04-09 00:07 - 00338120 _____ (SecureAssist) C:\Windows\system32\SecureAssist64.dll
Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\amazonicon.exe
C:\Users\Greg\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Greg\AppData\Local\Temp\CMInstaller.exe
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Greg\AppData\Local\Temp\SpOrder.dll
C:\Users\Greg\AppData\Local\Temp\VSUSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 13:35
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Greg at 2014-04-10 16:34:27
Running from C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOT3Q6KK
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS PWR Option (HKLM-x32\...\{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}) (Version: 1.2.1 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0009 - ASUS)
ASUS_Scr_ZenbookPrime (HKLM-x32\...\ASUS_Scr_ZenbookPrime) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
AutoUnpack 4.5.2 (HKLM-x32\...\AutoUnpack_is1) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.2.0 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0 - ASIX Electronics Corporation) Hidden
Caesar 3 (HKLM-x32\...\Caesar 3_is1) (Version: - GOG.com)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Combined Community Codec Pack 2014-03-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.03.09.0 - CCCP Project)
CrystalDiskInfo 5.4.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.4.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Free Video Call Recorder for Skype version 1.2.3.827 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.3.827 - DVDVideoSoft Ltd.)
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Dynamic Platform & Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.1.1067 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.1212 - Microsoft Garage)
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 22.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Rayman 2 (HKLM-x32\...\Rayman 2_is1) (Version: - GOG.com)
Rayman 2: The Great Escape GOG Edition (HKLM\...\{0e82bf4c-b906-4635-a97e-6a9740686b33}.sdb) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Reference Manager 12 Professional Edition (HKLM-x32\...\{8BCAC105-C501-41F9-AED1-587024ABCA8C}) (Version: 12.0.3.3262 - Thomson Reuters)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.42.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stellarium 0.12.1 (HKLM\...\Stellarium_is1) (Version: 0.12.1 - Stellarium team)
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows8FirewallControl (x64) 6.1.9.53 (HKLM\...\Windows8FirewallControl_is1) (Version: 6.1.9.53 - Sphinx Software)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Wise Registry Cleaner 7.65 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.)
zebNet® Backup for Thunderbird® TNG 4.0.3.6 (HKLM\...\{252C8AFD-9F76-492C-8075-FEA02AC712E6}) (Version: 4.0.3.6 - zebNet® Ltd)
zebNet® Thunderbird Backup 2012 3.4.20 (HKLM\...\{C56ED89A-ADA0-4CAD-80AF-7E22AD3FE66D}) (Version: 3.4.20 - zebNet® Ltd)
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-02-11 23:09 - 00005810 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 crl.verisign.net
127.0.0.1 CRL.VERISIGN.NET.*
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.*
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.ipp
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 tss-geotrust-crl.thawte.com
127.0.0.1 wip.adobe.com
127.0.0.1 wip1.adobe.com
127.0.0.1 wip2.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wip4.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {08668315-17CF-411C-B9BA-835A5E420DCF} - System32\Tasks\Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-11-28] ()
Task: {25DA7FC5-6397-4998-B92A-3B3FB4D8514B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: {3E7B422A-3F36-42C1-AA17-BCCD05B4B3A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {492173E0-4A3F-4653-A3D4-75E9569B71A3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {5D80DACF-DDFD-49F3-AFBB-C6A6DE67666F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {67473FE2-DADF-4867-ACD5-8CA8651EF76A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {705F2FDA-C0C0-4D2C-9678-1A3F069EDC78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)
Task: {835C2E8C-5324-4BCD-9708-763ABC9D0AAD} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9AA1CC86-371F-4AFE-BFF5-F6FCB933F6B7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A0561424-CC51-4FF5-A035-5F8E7BAD9774} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A414D2F6-49AC-4891-B16F-5082788D3344} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {B430CCC3-4277-433C-A28E-12AB5E4575D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2012-04-30 10:10 - 2012-02-20 05:31 - 00018944 _____ () C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
2012-04-30 10:10 - 2012-02-20 05:31 - 00019968 _____ () C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
2012-09-18 00:14 - 2012-02-21 21:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-04 11:35 - 2012-01-17 18:49 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2014-04-09 00:05 - 2014-04-09 00:05 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2011-11-28 18:58 - 2011-11-28 18:58 - 00556976 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-04-30 10:09 - 2012-04-02 10:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-13 13:07 - 2012-03-13 13:07 - 00074752 _____ () C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Symlib.dll
2013-10-04 11:35 - 2012-01-17 18:49 - 00153424 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2014-04-10 16:32 - 2014-04-10 16:32 - 00050477 _____ () C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F6L2U10S\Defogger.exe
2012-12-28 10:44 - 2012-12-28 10:44 - 00039648 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Greg\AppData\Roaming\Dropbox\bin\libcef.dll
2012-01-31 18:25 - 2012-01-31 18:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-09-18 00:14 - 2012-02-21 21:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^slimKEYS.lnk => C:\Windows\pss\slimKEYS.lnk.Startup
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/10/2014 04:17:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/10/2014 04:17:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/10/2014 04:14:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/10/2014 04:14:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/10/2014 04:13:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: obexsrv.exe, version: 2.0.0.128, time stamp: 0x4ed5d3d0
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x000332ff
Faulting process id: 0xb14
Faulting application start time: 0xobexsrv.exe0
Faulting application path: obexsrv.exe1
Faulting module path: obexsrv.exe2
Report Id: obexsrv.exe3
Error: (04/10/2014 04:12:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: ss_conn_service.exe, version: 2.3.1.0, time stamp: 0x5305caea
Faulting module name: ss_conn_service.exe, version: 2.3.1.0, time stamp: 0x5305caea
Exception code: 0x40000015
Fault offset: 0x0005fbf6
Faulting process id: 0xbb8
Faulting application start time: 0xss_conn_service.exe0
Faulting application path: ss_conn_service.exe1
Faulting module path: ss_conn_service.exe2
Report Id: ss_conn_service.exe3
Error: (04/10/2014 04:10:14 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Revo Uninstaller\Revouninstaller.exe Files (x86)\Revo Uninstaller\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de); Error = 0x80070422).
Error: (04/10/2014 04:09:06 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Revo Uninstaller\Revouninstaller.exe Files (x86)\Revo Uninstaller\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - ISI ResearchSoft - Export Helper; Error = 0x80070422).
System errors:
=============
Error: (04/10/2014 04:13:49 PM) (Source: Service Control Manager) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/10/2014 04:12:09 PM) (Source: Service Control Manager) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/10/2014 04:03:52 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (04/10/2014 04:17:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Greg\Desktop\esetsmartinstaller_deu.exe
Error: (04/10/2014 04:17:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Greg\Desktop\esetsmartinstaller_deu.exe
Error: (04/10/2014 04:14:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Greg\Desktop\esetsmartinstaller_deu.exe
Error: (04/10/2014 04:14:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Greg\Desktop\esetsmartinstaller_deu.exe
Error: (04/10/2014 04:13:49 PM) (Source: Application Error)(User: )
Description: obexsrv.exe2.0.0.1284ed5d3d0ntdll.dll6.1.7601.175144ce7ba58c0000005000332ffb1401cf54c6d319f317C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Windows\SysWOW64\ntdll.dll5567aba4-c0ba-11e3-b2d8-c485082b1ec9
Error: (04/10/2014 04:12:09 PM) (Source: Application Error)(User: )
Description: ss_conn_service.exe2.3.1.05305caeass_conn_service.exe2.3.1.05305caea400000150005fbf6bb801cf54c6d3013a9aC:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exeC:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe19cc8f93-c0ba-11e3-b2d8-c485082b1ec9
Error: (04/10/2014 04:10:14 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Revo Uninstaller\Revouninstaller.exe Files (x86)\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)0x80070422
Error: (04/10/2014 04:09:06 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Revo Uninstaller\Revouninstaller.exe Files (x86)\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - ISI ResearchSoft - Export Helper0x80070422
CodeIntegrity Errors:
===================================
Date: 2013-02-11 11:01:21.272
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-02-11 11:01:21.257
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-02-11 11:01:21.241
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Everest Home\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-02-11 11:01:21.226
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Everest Home\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 3981.93 MB
Available physical RAM: 2239.12 MB
Total Pagefile: 7962.05 MB
Available Pagefile: 5876.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:104.7 GB) (Free:52.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (UDISK 2.0) (Removable) (Total:0.96 GB) (Free:0.89 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: D89D9D33)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
GMER recorded two error messages. Once at the beginning, right at startup:
C:\\Windows\system32\config\system: The process cannot access the file because it is being used by another process.
And then the same message again during the scan. Right after that, this one as well:
C:\\Users\Greg\ntuser.dat: The process cannot access the file because it is being used by another process.
GMER.txt: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-10 16:54:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ADATA_XM rev.5.0. 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Greg\AppData\Local\Temp\uxdyypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\services.exe[816] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\003\xmkysecqun64.exe[2608] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe[4092] C:\Windows\system32\KERNEL32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe[3296] C:\Windows\system32\KERNEL32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\AsScrPro.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f11465 2 bytes [F1, 75]
.text C:\Windows\AsScrPro.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f114bb 2 bytes [F1, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f11465 2 bytes [F1, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f114bb 2 bytes [F1, 75]
.text ... * 2
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5304] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe[2204] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 0000000076b70550 14 bytes {JMP QWORD [RIP+0x0]}
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [816:3772] 00000000018ff430
Thread C:\Windows\system32\services.exe [816:3776] 00000000018ff430
Thread C:\Windows\system32\services.exe [816:3780] 00000000018ff430
Thread C:\Windows\system32\services.exe [816:3784] 00000000018ff430
Thread C:\Windows\system32\services.exe [816:3792] 000000000191dc30
Thread C:\Windows\system32\services.exe [816:3956] 000000000191dc30
Thread C:\Windows\system32\svchost.exe [1092:1132] 000000000017f430
Thread C:\Windows\system32\svchost.exe [1092:1136] 000000000017f430
Thread C:\Windows\system32\svchost.exe [1092:1140] 000000000017f430
Thread C:\Windows\system32\svchost.exe [1092:1144] 000000000017f430
Thread C:\Windows\system32\svchost.exe [1092:1152] 000000000019dc30
Thread C:\Windows\system32\svchost.exe [1260:1936] 00000000015df430
Thread C:\Windows\system32\svchost.exe [1260:1940] 00000000015df430
Thread C:\Windows\system32\svchost.exe [1260:1944] 00000000015df430
Thread C:\Windows\system32\svchost.exe [1260:1948] 00000000015df430
Thread C:\Windows\system32\svchost.exe [1260:1956] 00000000015fdc30
Thread C:\Windows\system32\svchost.exe [1260:1076] 00000000015fdc30
Thread C:\Windows\System32\spoolsv.exe [1984:4792] 00000000025cf430
Thread C:\Windows\System32\spoolsv.exe [1984:4796] 00000000025cf430
Thread C:\Windows\System32\spoolsv.exe [1984:4800] 00000000025cf430
Thread C:\Windows\System32\spoolsv.exe [1984:4804] 00000000025cf430
Thread C:\Windows\system32\svchost.exe [2016:4460] 000000000142f430
Thread C:\Windows\system32\svchost.exe [2016:4464] 000000000142f430
Thread C:\Windows\system32\svchost.exe [2016:4468] 000000000142f430
Thread C:\Windows\system32\svchost.exe [2016:4472] 000000000142f430
Thread C:\Windows\system32\svchost.exe [2016:4480] 000000000144dc30
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [4092:1728] 000000000057f430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [4092:1716] 000000000057f430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [4092:1692] 000000000057f430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [4092:1588] 000000000057f430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [4092:3700] 000000000059dc30
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [4092:3688] 000000000059dc30
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3296:1732] 00000000006af430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3296:1700] 00000000006af430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3296:1696] 00000000006af430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3296:3664] 00000000006af430
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3296:3708] 00000000006cdc30
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3296:3692] 00000000006cdc30
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5304:3204] 0000000001f3f430
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5304:3220] 0000000001f3f430
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5304:2860] 0000000001f3f430
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5304:4144] 0000000001f3f430
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5304:6004] 0000000001f5dc30
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5304:2068] 0000000001f5dc30
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
I hope I have done everything correctly so far, and thank you very much in advance for any help! I am very annoyed with myself that this happened to me.
An updated Win 7 x64 version is running, along with AVG antivirus (free) and Windows8 FirewallControl.
Best regards,
-zabbn-