Nataliee | 04.10.2013 20:01 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-08-2013 01 (ATTENTION: ====> FRST version is 41 days old and could be outdated)
Ran by Susanne (administrator) on 04-10-2013 19:19:17
Running from C:\Users\Susanne\Desktop\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(EgisTec Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(sonix) C:\Windows\PLFSetL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corp.) C:\Users\Susanne\AppData\Local\Temp\RtkBtMnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Farbar) C:\Users\Susanne\Desktop\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2011-06-22] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [866824 2009-02-19] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-01] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [686624 2009-02-06] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [346672 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Guest\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default
FF user.js: detected! => C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\user.js
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
FF Homepage: hxxp://de.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\searchplugins\BackupManager.list
FF Extension: Delta Toolbar - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\ffxtlbr@delta.com
FF Extension: Yahoo! Toolbar - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\BackupManager.list
FF Extension: fdm_ffext - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: testpilot - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994"
CHR DefaultSearchURL: (Delta Search) - hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Susanne\AppData\Local\Temp\crxC675.tmp
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Susanne\AppData\Local\Temp\tbch.crx
========================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2009-02-06] (Acer Incorporated)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [54528 2009-04-01] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-21] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-09-10] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222416 2013-09-10] (Trusteer Ltd.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [153952 2009-02-21] (Realtek Semiconductor Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 catchme; \??\C:\Users\Susanne\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 18:49 - 2013-10-04 18:49 - 00000000 ____D C:\FRST
2013-10-03 15:59 - 2013-10-03 15:59 - 00000000 _____ C:\Windows\setupact.log
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-03 15:52 - 2013-10-03 15:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-03 15:20 - 2013-10-03 15:20 - 99102760 _____ C:\Windows\system32\땭ﶀᴼ–
2013-10-02 09:41 - 2013-10-02 09:41 - 98712514 _____ C:\Windows\system32\ߩᴼ^
2013-10-02 00:56 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20131002-005657.backup
2013-10-01 11:57 - 2013-10-01 11:57 - 98609238 _____ C:\Windows\system32\ޑꮚᴼ‰
2013-09-30 23:19 - 2013-09-30 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Local\{4942E2F6-D885-48BE-8B4E-579BCDDF8051}
2013-09-27 21:53 - 2013-09-27 21:53 - 00000000 ____D C:\Users\Susanne\AppData\Local\{FE696518-538C-406D-84C6-032116502796}
2013-09-25 10:18 - 2013-10-01 00:06 - 00000000 ____D C:\Users\Susanne\Desktop\Camino de Santiago
2013-09-25 09:38 - 2013-09-25 09:38 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 09:38 - 2013-09-25 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-25 00:56 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130925-005628.backup
2013-09-24 22:25 - 2013-09-24 22:25 - 00000000 ____D C:\Users\Susanne\AppData\Local\avgchrome
2013-09-24 20:35 - 2013-09-24 20:38 - 00000000 ___SD C:\32788R22FWJFW
2013-09-24 20:25 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130924-202544.backup
2013-09-24 17:24 - 2013-09-24 17:24 - 00000000 ____D C:\Users\Susanne\Documents\ProcAlyzer Dumps
2013-09-24 17:07 - 2013-09-24 17:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-09-20 20:19 - 2013-09-20 20:19 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-20 20:05 - 2013-09-20 20:06 - 98487876 _____ C:\Windows\system32\㓹ᴼ–
2013-09-13 16:18 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 16:18 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 16:18 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 16:18 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 16:18 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 16:18 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 16:18 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 16:18 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 16:18 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 16:18 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 16:18 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 16:18 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 16:18 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 20:00 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 20:00 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-10 23:18 - 2013-09-10 23:18 - 00097008 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2013-09-06 16:00 - 2013-09-06 16:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\yahoo!
2013-09-06 15:52 - 2013-09-06 15:52 - 00000000 ____D C:\Users\Guest\AppData\Local\avgchrome
2013-09-06 15:39 - 2013-09-06 15:39 - 96334488 _____ C:\Windows\system32\졡뜻ᴼ
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-04 00:00 - 2013-09-04 00:45 - 00000000 ____D C:\Users\Susanne\Desktop\htc 4gb
==================== One Month Modified Files and Folders =======
2013-10-05 04:59 - 2011-06-22 02:30 - 00000000 ____D C:\Users\Susanne
2013-10-05 04:59 - 2006-11-02 12:22 - 53477376 _____ C:\Windows\system32\config\software_previous
2013-10-05 04:59 - 2006-11-02 12:22 - 53215232 _____ C:\Windows\system32\config\system_previous
2013-10-05 04:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-10-05 04:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-10-05 04:57 - 2013-09-02 17:42 - 00000000 ____D C:\Program Files\Avira
2013-10-05 04:54 - 2006-11-02 12:22 - 43253760 _____ C:\Windows\system32\config\components_previous
2013-10-05 04:54 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-10-04 19:17 - 2013-03-16 18:33 - 00000000 ___RD C:\Users\Susanne\Dropbox
2013-10-04 19:17 - 2013-03-16 18:25 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Dropbox
2013-10-04 19:17 - 2012-04-12 23:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 19:16 - 2011-06-22 02:20 - 01876669 _____ C:\Windows\WindowsUpdate.log
2013-10-04 19:14 - 2012-12-30 19:25 - 00000620 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-04 19:14 - 2012-01-21 03:50 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 19:14 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 19:14 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 19:14 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 19:08 - 2011-06-22 02:43 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-10-04 19:07 - 2013-01-05 10:27 - 00100833 _____ C:\Users\Susanne\AppData\Roaming\Safer-Networking.log
2013-10-04 18:50 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default_previous
2013-10-04 18:49 - 2013-10-04 18:49 - 00000000 ____D C:\FRST
2013-10-04 18:49 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-10-03 21:07 - 2013-08-22 18:50 - 00000000 ____D C:\ProgramData\Avira
2013-10-03 21:07 - 2012-12-30 18:23 - 00991434 _____ C:\Windows\PFRO.log
2013-10-03 15:59 - 2013-10-03 15:59 - 00000000 _____ C:\Windows\setupact.log
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-03 15:55 - 2013-10-03 15:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-03 15:20 - 2013-10-03 15:20 - 99102760 _____ C:\Windows\system32\땭ﶀᴼ–
2013-10-03 15:06 - 2012-01-21 03:50 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 10:43 - 2006-11-02 15:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 23:30 - 2013-08-25 10:19 - 00000000 ____D C:\Windows\erdnt
2013-10-02 22:02 - 2006-11-02 12:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 09:42 - 2012-12-30 19:25 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-02 09:41 - 2013-10-02 09:41 - 98712514 _____ C:\Windows\system32\ߩᴼ^
2013-10-01 11:57 - 2013-10-01 11:57 - 98609238 _____ C:\Windows\system32\ޑꮚᴼ‰
2013-10-01 11:53 - 2012-12-30 19:25 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-01 00:06 - 2013-09-25 10:18 - 00000000 ____D C:\Users\Susanne\Desktop\Camino de Santiago
2013-09-30 23:19 - 2013-09-30 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Local\{4942E2F6-D885-48BE-8B4E-579BCDDF8051}
2013-09-27 21:53 - 2013-09-27 21:53 - 00000000 ____D C:\Users\Susanne\AppData\Local\{FE696518-538C-406D-84C6-032116502796}
2013-09-25 09:38 - 2013-09-25 09:38 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 09:38 - 2013-09-25 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-25 09:38 - 2013-08-18 00:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-24 22:25 - 2013-09-24 22:25 - 00000000 ____D C:\Users\Susanne\AppData\Local\avgchrome
2013-09-24 20:38 - 2013-09-24 20:35 - 00000000 ___SD C:\32788R22FWJFW
2013-09-24 20:38 - 2013-09-02 04:22 - 00000000 ____D C:\Qoobox
2013-09-24 17:39 - 2013-08-25 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 17:24 - 2013-09-24 17:24 - 00000000 ____D C:\Users\Susanne\Documents\ProcAlyzer Dumps
2013-09-24 17:24 - 2011-06-22 20:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-24 17:07 - 2013-09-24 17:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-09-21 20:33 - 2013-08-23 01:49 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-20 20:19 - 2013-09-20 20:19 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-20 20:19 - 2012-04-12 23:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 20:19 - 2011-06-22 22:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 20:06 - 2013-09-20 20:05 - 98487876 _____ C:\Windows\system32\㓹ᴼ–
2013-09-14 09:34 - 2006-11-02 14:47 - 00340680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 16:37 - 2009-02-23 19:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 16:04 - 2013-07-19 21:25 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 15:54 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-10 23:18 - 2013-09-10 23:18 - 00097008 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2013-09-08 11:06 - 2013-08-25 20:04 - 00000364 _____ C:\Users\Guest\AppData\Roaming\Safer-Networking.log
2013-09-06 16:00 - 2013-09-06 16:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\yahoo!
2013-09-06 15:52 - 2013-09-06 15:52 - 00000000 ____D C:\Users\Guest\AppData\Local\avgchrome
2013-09-06 15:39 - 2013-09-06 15:39 - 96334488 _____ C:\Windows\system32\졡뜻ᴼ
2013-09-05 11:51 - 2013-09-02 17:42 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 11:51 - 2013-09-02 17:42 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-04 01:16 - 2013-03-29 20:40 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-09-04 01:16 - 2013-03-29 20:40 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-04 01:14 - 2012-05-24 23:10 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DVDVideoSoft
2013-09-04 00:45 - 2013-09-04 00:00 - 00000000 ____D C:\Users\Susanne\Desktop\htc 4gb
Files to move or delete:
====================
C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Susanne\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Susanne\AppData\Local\Temp\_av_sfx.tm~7ea4edd6-c49f-4d74-b65e-b8490e0e870d\aswOfferTool.exe
C:\Users\Susanne\AppData\Local\Temp\_av_sfx.tm~7ea4edd6-c49f-4d74-b65e-b8490e0e870d\SetupOfferGui.dll
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\avinet.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\avipc.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\avmres.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\avrestart.exe.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\avwinll.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\cfglib.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\msgclient.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\scewxmlw.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\update.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\update.exe.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\updext.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\updgui.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\updrgui.exe.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\de-de\rcimage.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\de-de\rctext.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\de-de\restartrc.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\de-de\updaterc.dll.gz
C:\Users\Susanne\AppData\Local\Temp\avnwldrtemp\download\wks_avira13\win32\de\pecl\de-de\updguirc.dll.gz
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-04 19:23
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Susanne (administrator) on SUSANNE-PC on 04-10-2013 20:18:02
Running from C:\Users\Susanne\Desktop\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(EgisTec Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(sonix) C:\Windows\PLFSetL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Realtek Semiconductor Corp.) C:\Users\Susanne\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Google\Update\Install\{B8FBDF5F-C44A-4492-96F9-B8182282852D}\30.0.1599.69_29.0.1547.76_chrome_updater.exe
(Google Inc.) C:\Windows\TEMP\CR_6A0D0.tmp\setup.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2011-06-22] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [866824 2009-02-19] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-01] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [686624 2009-02-06] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [346672 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Guest\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default
FF user.js: detected! => C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\user.js
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
FF Homepage: hxxp://de.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\searchplugins\BackupManager.list
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Delta Toolbar - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\ffxtlbr@delta.com
FF Extension: Yahoo! Toolbar - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\BackupManager.list
FF Extension: fdm_ffext - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: testpilot - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994"
CHR DefaultSearchURL: (Delta Search) - hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Susanne\AppData\Local\Temp\crxC675.tmp
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Susanne\AppData\Local\Temp\tbch.crx
========================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2009-02-06] (Acer Incorporated)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [54528 2009-04-01] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-21] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-09-10] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222416 2013-09-10] (Trusteer Ltd.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [153952 2009-02-21] (Realtek Semiconductor Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Susanne\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 20:01 - 2013-10-04 20:01 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Avira
2013-10-04 18:49 - 2013-10-04 18:49 - 00000000 ____D C:\FRST
2013-10-03 15:59 - 2013-10-03 15:59 - 00000000 _____ C:\Windows\setupact.log
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-03 15:52 - 2013-10-03 15:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-03 15:20 - 2013-10-03 15:20 - 99102760 _____ C:\Windows\system32\땭ﶀᴼ–
2013-10-02 09:41 - 2013-10-02 09:41 - 98712514 _____ C:\Windows\system32\ߩᴼ^
2013-10-02 00:56 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20131002-005657.backup
2013-10-01 11:57 - 2013-10-01 11:57 - 98609238 _____ C:\Windows\system32\ޑꮚᴼ‰
2013-09-30 23:19 - 2013-09-30 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Local\{4942E2F6-D885-48BE-8B4E-579BCDDF8051}
2013-09-27 21:53 - 2013-09-27 21:53 - 00000000 ____D C:\Users\Susanne\AppData\Local\{FE696518-538C-406D-84C6-032116502796}
2013-09-25 10:18 - 2013-10-01 00:06 - 00000000 ____D C:\Users\Susanne\Desktop\Camino de Santiago
2013-09-25 09:38 - 2013-09-25 09:38 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 09:38 - 2013-09-25 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-25 00:56 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130925-005628.backup
2013-09-24 22:25 - 2013-09-24 22:25 - 00000000 ____D C:\Users\Susanne\AppData\Local\avgchrome
2013-09-24 20:35 - 2013-09-24 20:38 - 00000000 ___SD C:\32788R22FWJFW
2013-09-24 20:25 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130924-202544.backup
2013-09-24 17:24 - 2013-09-24 17:24 - 00000000 ____D C:\Users\Susanne\Documents\ProcAlyzer Dumps
2013-09-24 17:07 - 2013-09-24 17:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-09-20 20:19 - 2013-09-20 20:19 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-20 20:05 - 2013-09-20 20:06 - 98487876 _____ C:\Windows\system32\㓹ᴼ–
2013-09-13 16:18 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 16:18 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 16:18 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 16:18 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 16:18 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 16:18 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 16:18 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 16:18 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 16:18 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 16:18 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 16:18 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 16:18 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 16:18 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 20:00 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 20:00 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-10 23:18 - 2013-09-10 23:18 - 00097008 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2013-09-06 16:00 - 2013-09-06 16:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\yahoo!
2013-09-06 15:52 - 2013-09-06 15:52 - 00000000 ____D C:\Users\Guest\AppData\Local\avgchrome
2013-09-06 15:39 - 2013-09-06 15:39 - 96334488 _____ C:\Windows\system32\졡뜻ᴼ
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-04 00:00 - 2013-09-04 00:45 - 00000000 ____D C:\Users\Susanne\Desktop\htc 4gb
==================== One Month Modified Files and Folders =======
2013-10-05 04:59 - 2013-08-23 01:40 - 00000000 ____D C:\Users\Guest
2013-10-05 04:59 - 2011-06-22 02:30 - 00000000 ____D C:\Users\Susanne
2013-10-05 04:59 - 2006-11-02 12:22 - 53477376 _____ C:\Windows\system32\config\software_previous
2013-10-05 04:59 - 2006-11-02 12:22 - 53215232 _____ C:\Windows\system32\config\system_previous
2013-10-05 04:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-10-05 04:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-10-05 04:57 - 2013-09-02 17:42 - 00000000 ____D C:\Program Files\Avira
2013-10-05 04:54 - 2006-11-02 12:22 - 43253760 _____ C:\Windows\system32\config\components_previous
2013-10-05 04:54 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-10-04 20:17 - 2012-04-12 23:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 20:11 - 2013-01-05 10:27 - 00101015 _____ C:\Users\Susanne\AppData\Roaming\Safer-Networking.log
2013-10-04 20:11 - 2011-06-22 02:20 - 01897974 _____ C:\Windows\WindowsUpdate.log
2013-10-04 20:09 - 2013-03-16 18:33 - 00000000 ___RD C:\Users\Susanne\Dropbox
2013-10-04 20:09 - 2013-03-16 18:25 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Dropbox
2013-10-04 20:06 - 2012-01-21 03:50 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 20:05 - 2012-12-30 19:25 - 00000620 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-04 20:05 - 2012-01-21 03:50 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 20:04 - 2012-12-30 18:23 - 01086448 _____ C:\Windows\PFRO.log
2013-10-04 20:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 20:04 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 20:04 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 20:02 - 2006-11-02 15:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-04 20:01 - 2013-10-04 20:01 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Avira
2013-10-04 19:08 - 2011-06-22 02:43 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-10-04 18:50 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default_previous
2013-10-04 18:49 - 2013-10-04 18:49 - 00000000 ____D C:\FRST
2013-10-04 18:49 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-10-03 21:07 - 2013-08-22 18:50 - 00000000 ____D C:\ProgramData\Avira
2013-10-03 15:59 - 2013-10-03 15:59 - 00000000 _____ C:\Windows\setupact.log
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-03 15:55 - 2013-10-03 15:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-03 15:20 - 2013-10-03 15:20 - 99102760 _____ C:\Windows\system32\땭ﶀᴼ–
2013-10-02 23:30 - 2013-08-25 10:19 - 00000000 ____D C:\Windows\erdnt
2013-10-02 22:02 - 2006-11-02 12:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 09:42 - 2012-12-30 19:25 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-02 09:41 - 2013-10-02 09:41 - 98712514 _____ C:\Windows\system32\ߩᴼ^
2013-10-01 11:57 - 2013-10-01 11:57 - 98609238 _____ C:\Windows\system32\ޑꮚᴼ‰
2013-10-01 11:53 - 2012-12-30 19:25 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-01 00:06 - 2013-09-25 10:18 - 00000000 ____D C:\Users\Susanne\Desktop\Camino de Santiago
2013-09-30 23:19 - 2013-09-30 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Local\{4942E2F6-D885-48BE-8B4E-579BCDDF8051}
2013-09-27 21:53 - 2013-09-27 21:53 - 00000000 ____D C:\Users\Susanne\AppData\Local\{FE696518-538C-406D-84C6-032116502796}
2013-09-25 09:38 - 2013-09-25 09:38 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 09:38 - 2013-09-25 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-25 09:38 - 2013-08-18 00:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-24 22:25 - 2013-09-24 22:25 - 00000000 ____D C:\Users\Susanne\AppData\Local\avgchrome
2013-09-24 20:38 - 2013-09-24 20:35 - 00000000 ___SD C:\32788R22FWJFW
2013-09-24 20:38 - 2013-09-02 04:22 - 00000000 ____D C:\Qoobox
2013-09-24 17:39 - 2013-08-25 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 17:24 - 2013-09-24 17:24 - 00000000 ____D C:\Users\Susanne\Documents\ProcAlyzer Dumps
2013-09-24 17:24 - 2011-06-22 20:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-24 17:07 - 2013-09-24 17:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-09-21 20:33 - 2013-08-23 01:49 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-20 20:19 - 2013-09-20 20:19 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-20 20:19 - 2012-04-12 23:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 20:19 - 2011-06-22 22:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 20:06 - 2013-09-20 20:05 - 98487876 _____ C:\Windows\system32\㓹ᴼ–
2013-09-14 09:34 - 2006-11-02 14:47 - 00340680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 16:37 - 2009-02-23 19:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 16:04 - 2013-07-19 21:25 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 15:54 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-10 23:18 - 2013-09-10 23:18 - 00097008 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2013-09-08 11:06 - 2013-08-25 20:04 - 00000364 _____ C:\Users\Guest\AppData\Roaming\Safer-Networking.log
2013-09-06 16:00 - 2013-09-06 16:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\yahoo!
2013-09-06 15:52 - 2013-09-06 15:52 - 00000000 ____D C:\Users\Guest\AppData\Local\avgchrome
2013-09-06 15:39 - 2013-09-06 15:39 - 96334488 _____ C:\Windows\system32\졡뜻ᴼ
2013-09-05 11:51 - 2013-09-02 17:42 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 11:51 - 2013-09-02 17:42 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-04 01:16 - 2013-03-29 20:40 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-09-04 01:16 - 2013-03-29 20:40 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-04 01:14 - 2012-05-24 23:10 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DVDVideoSoft
2013-09-04 00:45 - 2013-09-04 00:00 - 00000000 ____D C:\Users\Susanne\Desktop\htc 4gb
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Susanne\AppData\Local\temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-04 20:13
==================== End Of Log ============================
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Susanne (administrator) on SUSANNE-PC on 04-10-2013 20:18:02
Running from C:\Users\Susanne\Desktop\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(EgisTec Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(sonix) C:\Windows\PLFSetL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Realtek Semiconductor Corp.) C:\Users\Susanne\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Google\Update\Install\{B8FBDF5F-C44A-4492-96F9-B8182282852D}\30.0.1599.69_29.0.1547.76_chrome_updater.exe
(Google Inc.) C:\Windows\TEMP\CR_6A0D0.tmp\setup.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2011-06-22] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [866824 2009-02-19] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-01] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [686624 2009-02-06] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [mwlDaemon] - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [346672 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Windows\Screensavers\Acer\run_Acer.exe [ 2009-01-21] (TODO: <Company name>)
HKU\Guest\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default
FF user.js: detected! => C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\user.js
FF NewTab: hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
FF Homepage: hxxp://de.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\searchplugins\BackupManager.list
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Delta Toolbar - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\ffxtlbr@delta.com
FF Extension: Yahoo! Toolbar - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\BackupManager.list
FF Extension: fdm_ffext - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: testpilot - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\pjihvbmb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994"
CHR DefaultSearchURL: (Delta Search) - hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=ECFA0017C4879F0B&affID=121565&tsp=4994
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Susanne\AppData\Local\Temp\crxC675.tmp
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Susanne\AppData\Local\Temp\tbch.crx
========================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2009-02-06] (Acer Incorporated)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [54528 2009-04-01] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-21] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-09-10] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222416 2013-09-10] (Trusteer Ltd.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [153952 2009-02-21] (Realtek Semiconductor Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1759744 2009-05-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Susanne\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys [x]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 20:01 - 2013-10-04 20:01 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Avira
2013-10-04 18:49 - 2013-10-04 18:49 - 00000000 ____D C:\FRST
2013-10-03 15:59 - 2013-10-03 15:59 - 00000000 _____ C:\Windows\setupact.log
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-03 15:52 - 2013-10-03 15:55 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-03 15:20 - 2013-10-03 15:20 - 99102760 _____ C:\Windows\system32\땭ﶀᴼ
2013-10-02 09:41 - 2013-10-02 09:41 - 98712514 _____ C:\Windows\system32\ߩᴼ^
2013-10-02 00:56 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20131002-005657.backup
2013-10-01 11:57 - 2013-10-01 11:57 - 98609238 _____ C:\Windows\system32\ޑꮚᴼ
2013-09-30 23:19 - 2013-09-30 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Local\{4942E2F6-D885-48BE-8B4E-579BCDDF8051}
2013-09-27 21:53 - 2013-09-27 21:53 - 00000000 ____D C:\Users\Susanne\AppData\Local\{FE696518-538C-406D-84C6-032116502796}
2013-09-25 10:18 - 2013-10-01 00:06 - 00000000 ____D C:\Users\Susanne\Desktop\Camino de Santiago
2013-09-25 09:38 - 2013-09-25 09:38 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 09:38 - 2013-09-25 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-25 00:56 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130925-005628.backup
2013-09-24 22:25 - 2013-09-24 22:25 - 00000000 ____D C:\Users\Susanne\AppData\Local\avgchrome
2013-09-24 20:35 - 2013-09-24 20:38 - 00000000 ___SD C:\32788R22FWJFW
2013-09-24 20:25 - 2013-08-25 10:52 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130924-202544.backup
2013-09-24 17:24 - 2013-09-24 17:24 - 00000000 ____D C:\Users\Susanne\Documents\ProcAlyzer Dumps
2013-09-24 17:07 - 2013-09-24 17:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-09-20 20:19 - 2013-09-20 20:19 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-20 20:05 - 2013-09-20 20:06 - 98487876 _____ C:\Windows\system32\㓹ᴼ
2013-09-13 16:18 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 16:18 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 16:18 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 16:18 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 16:18 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 16:18 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 16:18 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 16:18 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 16:18 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 16:18 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 16:18 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 16:18 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 16:18 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 16:18 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 20:00 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 20:00 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-10 23:18 - 2013-09-10 23:18 - 00097008 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2013-09-06 16:00 - 2013-09-06 16:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\yahoo!
2013-09-06 15:52 - 2013-09-06 15:52 - 00000000 ____D C:\Users\Guest\AppData\Local\avgchrome
2013-09-06 15:39 - 2013-09-06 15:39 - 96334488 _____ C:\Windows\system32\졡뜻ᴼ
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-04 00:00 - 2013-09-04 00:45 - 00000000 ____D C:\Users\Susanne\Desktop\htc 4gb
==================== One Month Modified Files and Folders =======
2013-10-05 04:59 - 2013-08-23 01:40 - 00000000 ____D C:\Users\Guest
2013-10-05 04:59 - 2011-06-22 02:30 - 00000000 ____D C:\Users\Susanne
2013-10-05 04:59 - 2006-11-02 12:22 - 53477376 _____ C:\Windows\system32\config\software_previous
2013-10-05 04:59 - 2006-11-02 12:22 - 53215232 _____ C:\Windows\system32\config\system_previous
2013-10-05 04:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-10-05 04:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-10-05 04:57 - 2013-09-02 17:42 - 00000000 ____D C:\Program Files\Avira
2013-10-05 04:54 - 2006-11-02 12:22 - 43253760 _____ C:\Windows\system32\config\components_previous
2013-10-05 04:54 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-10-04 20:17 - 2012-04-12 23:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 20:11 - 2013-01-05 10:27 - 00101015 _____ C:\Users\Susanne\AppData\Roaming\Safer-Networking.log
2013-10-04 20:11 - 2011-06-22 02:20 - 01897974 _____ C:\Windows\WindowsUpdate.log
2013-10-04 20:09 - 2013-03-16 18:33 - 00000000 ___RD C:\Users\Susanne\Dropbox
2013-10-04 20:09 - 2013-03-16 18:25 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Dropbox
2013-10-04 20:06 - 2012-01-21 03:50 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 20:05 - 2012-12-30 19:25 - 00000620 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-04 20:05 - 2012-01-21 03:50 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 20:04 - 2012-12-30 18:23 - 01086448 _____ C:\Windows\PFRO.log
2013-10-04 20:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 20:04 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 20:04 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 20:02 - 2006-11-02 15:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-04 20:01 - 2013-10-04 20:01 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Avira
2013-10-04 19:08 - 2011-06-22 02:43 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\vlc
2013-10-04 18:50 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default_previous
2013-10-04 18:49 - 2013-10-04 18:49 - 00000000 ____D C:\FRST
2013-10-04 18:49 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-10-03 21:07 - 2013-08-22 18:50 - 00000000 ____D C:\ProgramData\Avira
2013-10-03 15:59 - 2013-10-03 15:59 - 00000000 _____ C:\Windows\setupact.log
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-03 15:55 - 2013-10-03 15:52 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-03 15:20 - 2013-10-03 15:20 - 99102760 _____ C:\Windows\system32\땭ﶀᴼ
2013-10-02 23:30 - 2013-08-25 10:19 - 00000000 ____D C:\Windows\erdnt
2013-10-02 22:02 - 2006-11-02 12:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 09:42 - 2012-12-30 19:25 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-02 09:41 - 2013-10-02 09:41 - 98712514 _____ C:\Windows\system32\ߩᴼ^
2013-10-01 11:57 - 2013-10-01 11:57 - 98609238 _____ C:\Windows\system32\ޑꮚᴼ
2013-10-01 11:53 - 2012-12-30 19:25 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-10-01 00:06 - 2013-09-25 10:18 - 00000000 ____D C:\Users\Susanne\Desktop\Camino de Santiago
2013-09-30 23:19 - 2013-09-30 23:19 - 00000000 ____D C:\Users\Susanne\AppData\Local\{4942E2F6-D885-48BE-8B4E-579BCDDF8051}
2013-09-27 21:53 - 2013-09-27 21:53 - 00000000 ____D C:\Users\Susanne\AppData\Local\{FE696518-538C-406D-84C6-032116502796}
2013-09-25 09:38 - 2013-09-25 09:38 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 09:38 - 2013-09-25 09:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-25 09:38 - 2013-08-18 00:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-24 22:25 - 2013-09-24 22:25 - 00000000 ____D C:\Users\Susanne\AppData\Local\avgchrome
2013-09-24 20:38 - 2013-09-24 20:35 - 00000000 ___SD C:\32788R22FWJFW
2013-09-24 20:38 - 2013-09-02 04:22 - 00000000 ____D C:\Qoobox
2013-09-24 17:39 - 2013-08-25 22:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 17:24 - 2013-09-24 17:24 - 00000000 ____D C:\Users\Susanne\Documents\ProcAlyzer Dumps
2013-09-24 17:24 - 2011-06-22 20:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-24 17:07 - 2013-09-24 17:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-09-21 20:33 - 2013-08-23 01:49 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-09-20 20:19 - 2013-09-20 20:19 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-20 20:19 - 2012-04-12 23:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 20:19 - 2011-06-22 22:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 20:06 - 2013-09-20 20:05 - 98487876 _____ C:\Windows\system32\㓹ᴼ
2013-09-14 09:34 - 2006-11-02 14:47 - 00340680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 16:37 - 2009-02-23 19:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 16:04 - 2013-07-19 21:25 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 15:54 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-10 23:18 - 2013-09-10 23:18 - 00097008 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKELL.sys
2013-09-08 11:06 - 2013-08-25 20:04 - 00000364 _____ C:\Users\Guest\AppData\Roaming\Safer-Networking.log
2013-09-06 16:00 - 2013-09-06 16:00 - 00000000 ____D C:\Users\Guest\AppData\Roaming\yahoo!
2013-09-06 15:52 - 2013-09-06 15:52 - 00000000 ____D C:\Users\Guest\AppData\Local\avgchrome
2013-09-06 15:39 - 2013-09-06 15:39 - 96334488 _____ C:\Windows\system32\졡뜻ᴼ
2013-09-05 11:51 - 2013-09-02 17:42 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 11:51 - 2013-09-02 17:42 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-04 02:36 - 2013-09-04 02:36 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-04 01:16 - 2013-03-29 20:40 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-09-04 01:16 - 2013-03-29 20:40 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-04 01:14 - 2012-05-24 23:10 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\DVDVideoSoft
2013-09-04 00:45 - 2013-09-04 00:00 - 00000000 ____D C:\Users\Susanne\Desktop\htc 4gb
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Susanne\AppData\Local\temp\RtkBtMnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-04 20:13
==================== End Of Log ============================