Oh, thanks, I didn't know that! ... I didn't want to make my post unnecessarily long!
Thanks for taking the trouble and even checking in from work! (y)
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Vicky at 2015-02-09 20:14:33
Running from C:\Users\Vicky\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-02-2015 18:16:08 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01D5657C-2F4E-4A32-8CC6-C13F062CE033} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2012-07-26] (Microsoft Corporation)
Task: {07C5FCC2-E319-402A-986F-7E47F34B6CB0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-09] (AVAST Software)
Task: {1B18F98F-682C-4885-82A9-B765F1FF4826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)
Task: {463AA796-9B0C-4603-BDD4-B1540773F992} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {98AC6C0A-DBB5-4D5C-9F49-4088B975D662} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {ADC3D928-9B09-431F-A954-3AE72C0B64F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {DE5252CC-CF36-4166-8C05-FD16973E2845} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
==================== Loaded Modules (whitelisted) ==============
2015-02-09 19:52 - 2015-02-09 19:52 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-09 19:52 - 2015-02-09 19:52 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2015-02-09 19:57 - 2015-02-09 19:57 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020900\algo.dll
2015-02-09 19:52 - 2015-02-09 19:52 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-09 20:01 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-12-29 16:59 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-09 19:52 - 2015-02-09 19:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2921824059-3396052717-1016763794-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2921824059-3396052717-1016763794-500 - Administrator - Disabled)
Gast (S-1-5-21-2921824059-3396052717-1016763794-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2921824059-3396052717-1016763794-1003 - Limited - Enabled)
Vicky (S-1-5-21-2921824059-3396052717-1016763794-1001 - Administrator - Enabled) => C:\Users\Vicky
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2015 08:14:35 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:14:20 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:14:05 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:13:50 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:13:35 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:13:22 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben.
Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},000000EB6790C9C0).
Vorgang:
Eigenschaften der Schattenkopie abrufen
Kontext:
Ausführungskontext: Coordinator
Error: (02/09/2015 08:13:20 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:13:05 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:12:50 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
Error: (02/09/2015 08:12:35 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
System errors:
=============
Error: (02/09/2015 08:13:20 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (02/09/2015 08:13:13 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (02/09/2015 08:11:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Windows Update Aux
Error: (02/09/2015 08:10:28 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0
Error: (02/09/2015 08:08:39 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (02/09/2015 07:53:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900.
Error: (02/09/2015 06:40:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 11.
Error: (02/09/2015 06:39:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 11.
Error: (02/09/2015 06:39:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 11.
Error: (02/09/2015 05:58:00 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Microsoft Office Sessions:
=========================
Error: (02/09/2015 08:14:35 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:14:20 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:14:05 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:13:50 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:13:35 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:13:22 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000EB6790C9C0)
Vorgang:
Eigenschaften der Schattenkopie abrufen
Kontext:
Ausführungskontext: Coordinator
Error: (02/09/2015 08:13:20 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:13:05 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:12:50 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
Error: (02/09/2015 08:12:35 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description:
==================== Memory info ===========================
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 8087.3 MB
Available physical RAM: 5576.75 MB
Total Pagefile: 8487.3 MB
Available Pagefile: 5889.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.33 GB) (Free:889.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3BBF4C74)
Partition: GPT Partition Type.
==================== End Of Log ============================
Frst.txt:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Vicky (administrator) on VICKYSPC on 09-02-2015 20:13:49
Running from C:\Users\Vicky\Downloads
Loaded Profiles: Vicky (Available profiles: Vicky)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2921824059-3396052717-1016763794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-2921824059-3396052717-1016763794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {CE3DFD69-FD7D-4582-98C9-5F4819BF8058} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {CE3DFD69-FD7D-4582-98C9-5F4819BF8058} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2921824059-3396052717-1016763794-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2921824059-3396052717-1016763794-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2921824059-3396052717-1016763794-1001 -> {CE3DFD69-FD7D-4582-98C9-5F4819BF8058} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2921824059-3396052717-1016763794-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\g78hzrth.default
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-09] (Avast Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-09] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-09] (Avast Software)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 20:13 - 2015-02-09 20:14 - 00011135 _____ () C:\Users\Vicky\Downloads\FRST.txt
2015-02-09 20:13 - 2015-02-09 20:13 - 02132992 _____ (Farbar) C:\Users\Vicky\Downloads\FRST64.exe
2015-02-09 20:13 - 2015-02-09 20:13 - 00000000 ____D () C:\FRST
2015-02-09 20:09 - 2015-02-09 20:09 - 00000000 ____D () C:\sources
2015-02-09 20:05 - 2015-02-09 20:06 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Mozilla
2015-02-09 20:05 - 2015-02-09 20:06 - 00000000 ____D () C:\Users\Vicky\AppData\Local\Mozilla
2015-02-09 20:02 - 2015-02-09 20:02 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-09 20:02 - 2015-02-09 20:02 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-09 20:02 - 2015-02-09 20:02 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-09 20:02 - 2015-02-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-09 20:01 - 2015-02-09 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-09 19:56 - 2015-02-09 19:56 - 00000472 _____ () C:\Users\Vicky\Desktop\defogger_disable.log
2015-02-09 19:56 - 2015-02-09 19:56 - 00000000 _____ () C:\Users\Vicky\defogger_reenable
2015-02-09 19:53 - 2015-02-09 19:53 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-09 19:53 - 2015-02-09 19:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-02-09 19:53 - 2015-02-09 19:53 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-02-09 19:53 - 2015-02-09 19:53 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\AVAST Software
2015-02-09 19:53 - 2015-02-09 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-09 19:52 - 2015-02-09 19:53 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-09 19:52 - 2015-02-09 19:53 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-09 19:52 - 2015-02-09 19:53 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-09 19:52 - 2015-02-09 19:52 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-09 19:52 - 2015-02-09 19:52 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-09 19:52 - 2015-02-09 19:52 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-09 19:52 - 2015-02-09 19:52 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-09 19:52 - 2015-02-09 19:52 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-09 19:52 - 2015-02-09 19:52 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-09 19:52 - 2015-02-09 19:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-09 19:52 - 2015-02-09 19:52 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-09 19:52 - 2015-02-09 19:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-09 19:52 - 2015-02-09 19:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-09 19:51 - 2015-02-09 19:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-7067547.txt
2015-02-09 19:09 - 2015-02-09 19:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-4517742.txt
2015-02-09 18:48 - 2015-02-09 18:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3295661.txt
2015-02-09 18:48 - 2015-02-09 18:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3293461.txt
2015-02-09 18:16 - 2014-05-15 02:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-09 18:16 - 2014-05-14 23:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-09 18:16 - 2014-05-14 23:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-09 18:16 - 2014-05-14 23:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-09 18:16 - 2014-05-14 23:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-02-09 18:16 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-02-09 18:16 - 2012-11-06 05:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-02-09 18:16 - 2012-11-06 05:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-02-09 18:02 - 2015-02-09 18:02 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\ATI
2015-02-09 18:02 - 2015-02-09 18:02 - 00000000 ____D () C:\Users\Vicky\AppData\Local\ATI
2015-02-09 18:01 - 2015-02-09 20:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 18:01 - 2015-02-09 18:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 18:01 - 2015-02-09 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 18:01 - 2015-02-09 18:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 18:01 - 2015-02-09 18:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 18:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-09 18:01 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-09 18:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-09 17:59 - 2015-02-09 17:59 - 00000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-02-09 17:59 - 2015-02-09 17:59 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Macromedia
2015-02-09 17:58 - 2015-02-09 17:58 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Hewlett-Packard
2015-02-09 17:58 - 2015-02-09 17:58 - 00000000 ____D () C:\Users\Vicky\AppData\Local\Hewlett-Packard
2015-02-09 17:57 - 2015-02-09 17:57 - 00001444 _____ () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 __RSH () C:\WINDOWS\SysWOW64\Drivers\103C_HP_cPC_p6-2352eg_Y53316J_0U_QCZC2523PHF_E12CE3RR8606_4A_I2AE0_SMSI_V1.0_B8.12_T121105_W8101-0_L407_M8088_J1000_7AMD_8F01_93.40_#121229_N19691091_Z_G1002675D_Ohp DVD-RAM SW820_DSAM0B67.MRK
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 __RSH () C:\WINDOWS\system32\Drivers\103C_HP_cPC_p6-2352eg_Y53316J_0U_QCZC2523PHF_E12CE3RR8606_4A_I2AE0_SMSI_V1.0_B8.12_T121105_W8101-0_L407_M8088_J1000_7AMD_8F01_93.40_#121229_N19691091_Z_G1002675D_Ohp DVD-RAM SW820_DSAM0B67.MRK
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Adobe
2015-02-09 17:57 - 2015-02-09 17:57 - 00000000 ____D () C:\Users\Vicky\AppData\Local\Power2Go8
2015-02-09 17:57 - 2012-12-29 17:07 - 00002195 _____ () C:\Users\Public\Desktop\eBay.lnk
2015-02-09 17:57 - 2012-12-29 17:06 - 00002221 _____ () C:\Users\Public\Desktop\Snapfish Fotos.lnk
2015-02-09 17:56 - 2015-02-09 20:11 - 00532208 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 17:56 - 2015-02-09 19:56 - 00000000 ____D () C:\Users\Vicky
2015-02-09 17:56 - 2015-02-09 17:57 - 00000000 ____D () C:\Users\Vicky\AppData\Local\Packages
2015-02-09 17:56 - 2015-02-09 17:56 - 00000020 ___SH () C:\Users\Vicky\ntuser.ini
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Vorlagen
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Startmenü
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Netzwerkumgebung
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Lokale Einstellungen
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Eigene Dateien
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Druckumgebung
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Documents\Eigene Musik
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Documents\Eigene Bilder
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\AppData\Local\Verlauf
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\AppData\Local\Anwendungsdaten
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 _SHDL () C:\Users\Vicky\Anwendungsdaten
2015-02-09 17:56 - 2015-02-09 17:56 - 00000000 ____D () C:\Users\Vicky\AppData\Local\VirtualStore
2015-02-09 17:56 - 2012-12-29 16:50 - 00000000 ___HD () C:\Users\Vicky\Documents\hp.system.package.metadata
2015-02-09 17:56 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-09 17:56 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-09 17:56 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-09 17:56 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-09 17:55 - 2015-02-09 17:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-108483.txt
2015-02-09 17:55 - 2015-02-09 17:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-105987.txt
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Programme
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-02-09 17:51 - 2015-02-09 17:51 - 00000000 _____ () C:\Recovery.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 20:10 - 2012-12-29 17:08 - 00000000 ____D () C:\ProgramData\Norton
2015-02-09 20:10 - 2012-08-01 18:02 - 00672218 _____ () C:\WINDOWS\PFRO.log
2015-02-09 20:10 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-09 20:10 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-09 20:09 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-02-09 20:09 - 2012-07-26 10:43 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-02-09 20:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-09 20:09 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-02-09 20:09 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-02-09 20:09 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-09 20:09 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-02-09 20:09 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-02-09 20:09 - 2012-07-26 06:37 - 00000000 ____D () C:\WINDOWS\servicing
2015-02-09 20:08 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-09 20:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-09 20:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-09 20:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 18:31 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-09 18:16 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-09 18:01 - 2012-12-30 01:41 - 00745562 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-09 18:01 - 2012-12-30 01:41 - 00169488 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-09 18:01 - 2012-07-26 08:28 - 01752656 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 17:57 - 2012-12-29 17:07 - 00000000 ___RD () C:\Program Files\Online Services
2015-02-09 17:57 - 2012-12-29 16:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-02-09 17:57 - 2012-12-29 16:57 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-02-09 17:57 - 2012-12-29 16:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-02-09 17:57 - 2012-12-29 16:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-02-09 17:57 - 2012-10-12 17:51 - 00000000 _RSHD () C:\hp
2015-02-09 17:57 - 2012-08-02 04:15 - 00000000 ____D () C:\SWSETUP
2015-02-09 17:57 - 2012-08-02 03:02 - 00000000 ____D () C:\WINDOWS\Panther
2015-02-09 17:57 - 2012-08-01 10:57 - 00000000 _RSHD () C:\system.sav
2015-02-09 17:57 - 2012-07-26 09:12 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-02-09 17:57 - 2012-07-26 08:21 - 00030386 _____ () C:\WINDOWS\setupact.log
2015-02-09 17:54 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows NT
2015-02-09 17:54 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2015-02-09 17:53 - 2012-08-01 18:09 - 00009068 _____ () C:\WINDOWS\iis.log
2015-02-09 17:53 - 2012-07-26 09:13 - 00003608 _____ () C:\WINDOWS\DtcInstall.log
2015-02-09 17:52 - 2012-07-26 08:19 - 00295920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-09 17:51 - 2012-07-26 09:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
==================== Files in the root of some directories =======
2015-02-09 17:59 - 2015-02-09 17:59 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-08-01 18:02
==================== End Of Log ============================
gmer.log: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-09 20:20:58
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST1000DM003-9YN162 rev.HP16 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Vicky\AppData\Local\Temp\kwloypoc.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\atiesrxx.exe[424] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f88c98177a 4 bytes [98, 8C, F8, 07]
.text C:\WINDOWS\system32\atiesrxx.exe[424] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f88c981782 4 bytes [98, 8C, F8, 07]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2508] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f88c98177a 4 bytes [98, 8C, F8, 07]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2508] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f88c981782 4 bytes [98, 8C, F8, 07]
.text C:\WINDOWS\system32\atieclxx.exe[2796] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f88c98177a 4 bytes [98, 8C, F8, 07]
.text C:\WINDOWS\system32\atieclxx.exe[2796] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f88c981782 4 bytes [98, 8C, F8, 07]
.text C:\WINDOWS\system32\atieclxx.exe[2796] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f8881f1b32 4 bytes [1F, 88, F8, 07]
.text C:\WINDOWS\system32\atieclxx.exe[2796] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f8881f1b3a 4 bytes [1F, 88, F8, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f88c98177a 4 bytes [98, 8C, F8, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f88c981782 4 bytes [98, 8C, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5096] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8881f1b32 4 bytes [1F, 88, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5096] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8881f1b3a 4 bytes [1F, 88, F8, 07]
.text C:\Program Files\AVAST Software\Avast\ng\ngtool.exe[4356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f88c98177a 4 bytes [98, 8C, F8, 07]
.text C:\Program Files\AVAST Software\Avast\ng\ngtool.exe[4356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f88c981782 4 bytes [98, 8C, F8, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[4352] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f88c98177a 4 bytes [98, 8C, F8, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[4352] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f88c981782 4 bytes [98, 8C, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [628:652] fffff960009ad5e8
---- Processes - GMER 2.1 ----
Library C:\Users\Vicky\AppData\Local\assembly\dl3\XQVGTVZW.VJT\ZW76VZX7.24R\606d2416\00bdb15a_cd85cd01\HPSeeker.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [4352] (FILE NOT FOUND) 000000001bc60000
Library C:\Users\Vicky\AppData\Local\assembly\dl3\XQVGTVZW.VJT\ZW76VZX7.24R\9511490d\00bdb15a_cd85cd01\HPSwitchBoard.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [4352] (FILE NOT FOUND) 000000001c110000
Library C:\Users\Vicky\AppData\Local\assembly\dl3\XQVGTVZW.VJT\ZW76VZX7.24R\3a6301fc\0017145d_cd85cd01\HPItunesModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [4352] (FILE NOT FOUND) 000000001c270000
Library C:\Users\Vicky\AppData\Local\assembly\dl3\XQVGTVZW.VJT\ZW76VZX7.24R\e42ed3f3\00eae25b_cd85cd01\HPWMCModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [4352] (FILE NOT FOUND) 000000001cc30000
Library C:\Users\Vicky\AppData\Local\assembly\dl3\XQVGTVZW.VJT\ZW76VZX7.24R\9d42668a\00bdb15a_cd85cd01\HPWMPModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [4352] (FILE NOT FOUND) 000000001d4b0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----