Here are the results:
mbam:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 17.04.2014
Suchlauf-Zeit: 19:39:48
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.17.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Philipp
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295760
Verstrichene Zeit: 41 Min, 43 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
Adware.Adpeak, C:\Program Files\002\bukgmhvrux64.exe, 1880, Löschen bei Neustart, [0ff11be541bfca36e39e46d643c11fe1]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 4
Adware.Adpeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bukgmhvrux64, In Quarantäne, [0ff11be541bfca36e39e46d643c11fe1],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [d32d956b29d75aa64922b85cb44e619f],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [d32d956b29d75aa64922b85cb44e619f],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\Rr Savings, In Quarantäne, [ab558779cc34b54bb1d2f478ee140af6],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 5
Adware.Adpeak, C:\Program Files\002\bukgmhvrux64.exe, Löschen bei Neustart, [0ff11be541bfca36e39e46d643c11fe1],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\Rr Savings\RrSavings.dll, In Quarantäne, [d32d956b29d75aa64922b85cb44e619f],
PUP.Optional.Conduit.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M01D17269-0734-40BC-BCDD-693A38C728F4&SearchSource=55&CUI=&UM=5&UP=SP19056D87-D38B-4DAC-A3F6-489594B21E14&SSPV=",), Ersetzt,[c040867a0cf4e51b394e1a384abad030]
PUP.Optional.Conduit.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M01D17269-0734-40BC-BCDD-693A38C728F4&SearchSource=55&CUI=&UM=5&UP=SP19056D87-D38B-4DAC-A3F6-489594B21E14&SSPV=" ],), Ersetzt,[8e725aa6bd43ad53eacf4a08f50fb44c]
PUP.Optional.Conduit.A, C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url": "hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M01D17269-0734-40BC-BCDD-693A38C728F4&SearchSource=58&CUI=&UM=5&UP=SP19056D87-D38B-4DAC-A3F6-489594B21E14&q={searchTerms}&SSPV=",), Ersetzt,[45bb000004fc6b95b62f0b47d2320cf4]
Physische Sektoren: 0
(No malicious items detected)
(end)
adwcleaner:
AdwCleaner Logfile:
# AdwCleaner v3.023 - Bericht erstellt am 17/04/2014 um 19:55:16
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Philipp - PC-COMPUTER
# Gestartet von : C:\Users\Philipp\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Datei Gelöscht : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photofiltre_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Google Chrome v34.0.1847.116
[ Datei : C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : search_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [3430 octets] - [17/04/2014 19:54:14]
AdwCleaner[S0].txt - [3253 octets] - [17/04/2014 19:55:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3313 octets] ##########
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Philipp on 17.04.2014 at 20:03:15,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2976728306-3877539080-648663649-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.04.2014 at 20:12:19,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by Philipp (administrator) on PC-COMPUTER on 17-04-2014 20:21:49
Running from C:\Users\Philipp\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() c:\Program Files\RrFilter\RrFilterService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [17412200 2010-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-28] ()
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2976728306-3877539080-648663649-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2976728306-3877539080-648663649-1002\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-2976728306-3877539080-648663649-1002\...\Run: [Steam] => D:\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M01D17269-0734-40BC-BCDD-693A38C728F4&SearchSource=55&CUI=&UM=5&UP=SP19056D87-D38B-4DAC-A3F6-489594B21E14&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M01D17269-0734-40BC-BCDD-693A38C728F4&SearchSource=58&CUI=&UM=5&UP=SP19056D87-D38B-4DAC-A3F6-489594B21E14&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] ()
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf;
U3 tmwfp;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-17 20:17 - 2014-04-17 20:17 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-04-17 20:12 - 2014-04-17 20:12 - 00001486 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-04-17 20:01 - 2014-04-17 20:01 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-04-17 20:00 - 2014-04-17 20:00 - 00003405 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt
2014-04-17 19:54 - 2014-04-17 19:55 - 00000000 ____D () C:\AdwCleaner
2014-04-17 19:53 - 2014-04-17 19:53 - 01426178 _____ () C:\Users\Philipp\Desktop\adwcleaner.exe
2014-04-17 19:52 - 2014-04-17 19:52 - 00003161 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-04-17 18:56 - 2014-04-17 19:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 18:56 - 2014-04-17 18:56 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 18:56 - 2014-04-17 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 18:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 18:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 18:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 18:55 - 2014-04-17 18:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-16 20:17 - 2014-04-16 20:17 - 00018625 _____ () C:\ComboFix.txt
2014-04-16 20:00 - 2014-04-16 20:17 - 00000000 ____D () C:\Qoobox
2014-04-16 20:00 - 2014-04-16 20:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 20:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 20:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 20:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 20:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 20:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 20:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 20:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 20:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 19:58 - 2014-04-16 19:58 - 05194807 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-04-16 19:31 - 2014-04-16 19:31 - 00001266 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-04-16 19:31 - 2014-04-16 19:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-16 19:30 - 2014-04-16 19:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Desktop\revosetup95.exe
2014-04-16 18:03 - 2014-04-16 18:03 - 00003992 _____ () C:\Users\Philipp\Desktop\GMER.log
2014-04-16 17:51 - 2014-04-16 17:51 - 00380416 _____ () C:\Users\Philipp\Desktop\Gmer-19357.exe
2014-04-16 17:50 - 2014-04-16 17:50 - 00013096 _____ () C:\Users\Philipp\Desktop\AVSCAN-20140416-174023-5223DA7D.LOG
2014-04-16 17:49 - 2014-04-16 17:50 - 00027186 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-04-16 17:48 - 2014-04-17 20:21 - 00012079 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-04-16 17:48 - 2014-04-17 20:21 - 00000000 ____D () C:\FRST
2014-04-16 17:47 - 2014-04-17 20:17 - 02158592 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-04-16 17:46 - 2014-04-16 17:46 - 00050477 _____ () C:\Users\Philipp\Desktop\Defogger.exe
2014-04-16 17:46 - 2014-04-16 17:46 - 00000476 _____ () C:\Users\Philipp\Desktop\defogger_disable.log
2014-04-16 17:46 - 2014-04-16 17:46 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-04-16 17:25 - 2014-04-16 19:35 - 00000000 ____D () C:\Program Files\RrFilter
2014-04-16 17:24 - 2014-04-17 19:40 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-04-16 17:24 - 2014-04-16 17:24 - 00000000 ____D () C:\Program Files\rrsavings
2014-04-16 17:23 - 2014-04-17 19:41 - 00000000 ____D () C:\Program Files\002
2014-04-16 17:23 - 2014-04-16 17:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Security System 2
2014-04-16 17:23 - 2014-04-16 17:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\BupSystem
2014-04-16 01:35 - 2014-04-16 22:45 - 00000152 _____ () C:\Users\Philipp\Desktop\TITEL.txt
2014-04-09 18:36 - 2014-03-13 08:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 18:36 - 2014-03-13 08:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 18:36 - 2014-03-13 08:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 18:36 - 2014-03-13 08:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 18:36 - 2014-03-13 08:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 18:36 - 2014-03-13 08:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 18:36 - 2014-03-13 08:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 18:36 - 2014-03-13 08:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 18:36 - 2014-03-13 08:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 18:36 - 2014-03-13 08:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 18:36 - 2014-03-13 08:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 18:36 - 2014-03-13 08:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 18:36 - 2014-03-13 08:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 18:36 - 2014-03-13 08:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 18:36 - 2014-03-13 08:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 18:36 - 2014-03-13 07:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 18:36 - 2014-03-13 07:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 18:36 - 2014-03-13 07:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 18:36 - 2014-03-13 06:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 18:36 - 2014-03-13 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 18:35 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 18:35 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 18:35 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 18:35 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 18:35 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 18:35 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 18:35 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 18:35 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 18:35 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 18:35 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 18:35 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 18:35 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 18:35 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 18:35 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 18:35 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 18:35 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 18:35 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 12:30 - 2014-04-10 21:29 - 00000000 ____D () C:\Users\Philipp\Desktop\Wirklichkeitsmaschinen
2014-04-07 12:25 - 2014-04-10 21:35 - 00000000 ____D () C:\Users\Philipp\Desktop\Many
2014-04-05 19:56 - 2014-03-14 23:58 - 00002104 _____ () C:\Users\Philipp\Desktop\zeitlos.txt
2014-04-03 17:53 - 2014-04-15 15:10 - 00000000 ____D () C:\Users\Philipp\Desktop\Pollesch
2014-03-30 23:15 - 2014-04-16 13:49 - 00003033 _____ () C:\Users\Philipp\Desktop\TWEE.txt
2014-03-25 22:07 - 2014-03-25 22:07 - 00007602 _____ () C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
==================== One Month Modified Files and Folders =======
2014-04-17 20:21 - 2014-04-16 17:48 - 00012079 _____ () C:\Users\Philipp\Desktop\FRST.txt
2014-04-17 20:21 - 2014-04-16 17:48 - 00000000 ____D () C:\FRST
2014-04-17 20:17 - 2014-04-17 20:17 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion
2014-04-17 20:17 - 2014-04-16 17:47 - 02158592 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe
2014-04-17 20:12 - 2014-04-17 20:12 - 00001486 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-04-17 20:09 - 2014-03-17 12:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 20:04 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 20:04 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 20:03 - 2014-03-17 12:05 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 20:01 - 2014-04-17 20:01 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe
2014-04-17 20:01 - 2009-08-04 11:51 - 00700126 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 20:01 - 2009-08-04 11:51 - 00149976 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 20:01 - 2009-07-14 07:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 20:00 - 2014-04-17 20:00 - 00003405 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt
2014-04-17 20:00 - 2010-10-28 14:39 - 01243886 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 19:58 - 2010-10-28 14:53 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 19:57 - 2010-10-28 14:53 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 19:56 - 2013-01-15 19:32 - 00035495 _____ () C:\Windows\setupact.log
2014-04-17 19:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 19:55 - 2014-04-17 19:54 - 00000000 ____D () C:\AdwCleaner
2014-04-17 19:53 - 2014-04-17 19:53 - 01426178 _____ () C:\Users\Philipp\Desktop\adwcleaner.exe
2014-04-17 19:52 - 2014-04-17 19:52 - 00003161 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-04-17 19:51 - 2014-04-17 18:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 19:41 - 2014-04-16 17:23 - 00000000 ____D () C:\Program Files\002
2014-04-17 19:41 - 2013-01-15 19:32 - 00266714 _____ () C:\Windows\PFRO.log
2014-04-17 19:40 - 2014-04-16 17:24 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-04-17 19:40 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-04-17 18:56 - 2014-04-17 18:56 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 18:56 - 2014-04-17 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 18:56 - 2013-01-12 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 18:55 - 2014-04-17 18:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-16 22:45 - 2014-04-16 01:35 - 00000152 _____ () C:\Users\Philipp\Desktop\TITEL.txt
2014-04-16 20:17 - 2014-04-16 20:17 - 00018625 _____ () C:\ComboFix.txt
2014-04-16 20:17 - 2014-04-16 20:00 - 00000000 ____D () C:\Qoobox
2014-04-16 20:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 20:14 - 2014-04-16 20:00 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 20:13 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 19:58 - 2014-04-16 19:58 - 05194807 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe
2014-04-16 19:35 - 2014-04-16 17:25 - 00000000 ____D () C:\Program Files\RrFilter
2014-04-16 19:31 - 2014-04-16 19:31 - 00001266 _____ () C:\Users\Philipp\Desktop\Revo Uninstaller.lnk
2014-04-16 19:31 - 2014-04-16 19:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-16 19:30 - 2014-04-16 19:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Desktop\revosetup95.exe
2014-04-16 18:03 - 2014-04-16 18:03 - 00003992 _____ () C:\Users\Philipp\Desktop\GMER.log
2014-04-16 17:51 - 2014-04-16 17:51 - 00380416 _____ () C:\Users\Philipp\Desktop\Gmer-19357.exe
2014-04-16 17:50 - 2014-04-16 17:50 - 00013096 _____ () C:\Users\Philipp\Desktop\AVSCAN-20140416-174023-5223DA7D.LOG
2014-04-16 17:50 - 2014-04-16 17:49 - 00027186 _____ () C:\Users\Philipp\Desktop\Addition.txt
2014-04-16 17:46 - 2014-04-16 17:46 - 00050477 _____ () C:\Users\Philipp\Desktop\Defogger.exe
2014-04-16 17:46 - 2014-04-16 17:46 - 00000476 _____ () C:\Users\Philipp\Desktop\defogger_disable.log
2014-04-16 17:46 - 2014-04-16 17:46 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-04-16 17:46 - 2010-12-01 16:23 - 00000000 ____D () C:\Users\Philipp
2014-04-16 17:31 - 2010-10-28 15:21 - 00001385 _____ () C:\Windows\system32\ServiceFilter.ini
2014-04-16 17:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-16 17:24 - 2014-04-16 17:24 - 00000000 ____D () C:\Program Files\rrsavings
2014-04-16 17:23 - 2014-04-16 17:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Security System 2
2014-04-16 17:23 - 2014-04-16 17:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\BupSystem
2014-04-16 15:54 - 2013-02-26 20:29 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\FreeDoko
2014-04-16 13:49 - 2014-03-30 23:15 - 00003033 _____ () C:\Users\Philipp\Desktop\TWEE.txt
2014-04-15 15:20 - 2010-12-10 01:52 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\SoftGrid Client
2014-04-15 15:10 - 2014-04-03 17:53 - 00000000 ____D () C:\Users\Philipp\Desktop\Pollesch
2014-04-14 23:41 - 2010-10-28 14:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-12 17:43 - 2010-12-01 16:31 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-12 17:43 - 2010-12-01 16:31 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-12 13:43 - 2010-10-28 14:53 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-11 20:25 - 2011-04-03 16:43 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{16DBA992-64F2-45F2-85B2-D3E8DF52B32D}
2014-04-10 21:35 - 2014-04-07 12:25 - 00000000 ____D () C:\Users\Philipp\Desktop\Many
2014-04-10 21:29 - 2014-04-07 12:30 - 00000000 ____D () C:\Users\Philipp\Desktop\Wirklichkeitsmaschinen
2014-04-10 16:49 - 2014-03-02 22:14 - 00000000 ____D () C:\Users\Philipp\Desktop\Arno Schmidt
2014-04-10 00:36 - 2013-08-23 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 00:34 - 2012-01-09 16:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-05 23:28 - 2012-03-12 17:53 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\vlc
2014-04-05 21:17 - 2012-03-14 23:41 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\dvdcss
2014-04-04 15:14 - 2013-11-29 00:56 - 00000000 ____D () C:\Users\Philipp\Desktop\Kracht
2014-04-03 17:53 - 2013-11-11 18:57 - 00000000 ____D () C:\Users\Philipp\Desktop\POPSEMINAR
2014-04-03 17:51 - 2014-02-09 23:25 - 00000000 ____D () C:\Users\Philipp\Desktop\HH
2014-04-03 09:51 - 2014-04-17 18:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-17 18:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-17 18:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 13:53 - 2010-10-28 14:53 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 13:53 - 2010-10-28 14:53 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 21:24 - 2011-05-23 18:06 - 00003146 _____ () C:\Users\Philipp\Desktop\Wachsmalstift.txt
2014-03-29 21:19 - 2013-11-20 21:23 - 00001396 _____ () C:\Users\Philipp\Desktop\AKTÜLL.txt
2014-03-29 21:18 - 2012-01-07 04:28 - 00001122 _____ () C:\Users\Philipp\Desktop\txt.txt
2014-03-27 18:50 - 2014-03-12 22:08 - 18318842 _____ () C:\Users\Philipp\Downloads\02 Titelnummer 2.wma
2014-03-25 22:07 - 2014-03-25 22:07 - 00007602 _____ () C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
2014-03-25 00:17 - 2010-12-10 01:51 - 01596476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-28 12:04
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014
Ran by Philipp at 2014-04-17 20:22:21
Running from C:\Users\Philipp\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.35 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrainVoyager Brain Tutor (HKLM-x32\...\{6265E1CF-F90F-4A56-8EAB-864085A44790}) (Version: 2.5.0 - Brain Innovation)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
ER Mapper ECW JPEG 2000 Plug-in for Internet Explorer [3.4.0.242] (HKLM-x32\...\ER Mapper ECW JPEG 2000 Plug-in for Internet Explorer) (Version: 8.1 - ER Mapper)
ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
FreeDoko 0.7.11 (HKLM-x32\...\FreeDoko) (Version: 0.7.11 - Borg Enders und Diether Knof)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hedgewars (HKLM-x32\...\hedgewars) (Version: 0.9.17 - Hedgewars Project)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - )
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Live 8.2.8 (HKLM-x32\...\Live 8.2.8) (Version: - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
PhotoFiltre (HKCU\...\PhotoFiltre) (Version: - )
Protegere (HKLM-x32\...\Protegere) (Version: - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings)
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden
SP-404SX Wave Converter (HKLM-x32\...\{119266B3-708B-4904-96E1-F43F5C115499}) (Version: 1.00.0014 - Roland Corporation)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.5300 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\F9FD5BBF579A4BFD40D38BE291F731666B27DC28) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) (HKLM\...\0E74EB10C05C955C24243E6D3120CDC972FC5B1D) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Zotero Standalone 4.0.15 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.15 (x86 en-US)) (Version: 4.0.15 - Zotero)
==================== Restore Points =========================
09-04-2014 22:32:52 Windows Update
16-04-2014 17:34:38 Revo Uninstaller's restore point - Search Protect
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-04-16 20:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0B839BEC-4D99-4E9E-B7F2-E9AB6AC8D5AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17] (Adobe Systems Incorporated)
Task: {1A99B99B-FCFE-4C99-BD52-3872AFBE5B54} - System32\Tasks\{ACA0D690-57BA-415F-A80A-0B5444BA69B3} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {1EEE263E-7220-4D8C-8647-A8E7EE654B5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28] (Google Inc.)
Task: {730A69CA-5B6A-4B3C-91F5-F5665FD23457} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {89D7C422-F3FF-4689-B0B4-E1EB1EB52CAB} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {8DC7B438-229A-4E43-BF23-3E505FEC1D22} - System32\Tasks\{9298421F-21E8-484F-A990-6278B0996F95} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.120.259/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {8E3080AD-D7B8-4BDA-A1D5-284FBB0DCD1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28] (Google Inc.)
Task: {902C3386-7F4A-4FB7-AEF0-3685B3BE4EEF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9C0CA9B9-A8CD-4946-87EB-0E87BEEC593B} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {CB722210-763D-4A61-95A8-BC08033BA621} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {F4005F2F-7E26-4D42-BADB-7D7C4A912925} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-04-09] (ATK)
Task: {FD3222D2-3242-410B-9C9F-E7EC6B9CA424} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2010-10-28 15:21 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-11-24 22:45 - 2009-11-24 22:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-02-04 02:14 - 2010-02-04 02:14 - 00033792 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-05 02:43 - 2010-01-05 02:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2009-08-03 01:54 - 2009-08-03 01:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-10-28 14:53 - 2010-10-28 14:53 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-10-28 14:53 - 2010-10-28 14:53 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-01-15 19:01 - 2013-07-07 16:28 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-05-04 16:36 - 2010-05-04 16:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-04-10 23:02 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 23:02 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 23:02 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 23:02 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 23:02 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 23:02 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 23:02 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
AlternateDataStreams: C:\ProgramData\TEMP:D20FFA63
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: NVIDIA GeForce GT 335M
Description: NVIDIA GeForce GT 335M
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-04-16 20:12:14.496
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-16 20:12:14.262
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 3884.49 MB
Available physical RAM: 2189.16 MB
Total Pagefile: 7767.16 MB
Available Pagefile: 5756.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:66.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:225.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)
==================== End Of Log ============================