Log analysis and evaluation: Malware http://www_getwindowinfo/ cannot be removed
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.08.2013, 10:24 | #1 |
| Malware http://www_getwindowinfo/ cannot be removed
Hello everyone, I have the following problem: 3 days ago my girlfriend downloaded a freeware program for converting PDF files from Chip.de onto my laptop. Since then I have had malware on my laptop that just will not go away. The problem is that Internet Explorer keeps opening and loading the page hxxp://www_getwindowinfo/. When I close the Explorer, it is immediately opened again. I have already run Malwarebytes over it several times, even in safe mode, and whenever I do another scan it shows me infections again. I then tried AdwCleaner, used CCleaner to analyze history and cookies, and started CCleaner. I even deleted Adobe Flash Player (which I had to do in safe mode, since the Explorer cannot be closed), and still hxxp://www_getwindowinfo/ keeps being displayed, and I reinstalled Adobe Reader and Java. Then I scanned with HitmanPro, which also found infections, and restarted the laptop. However, the same problem persists. On a further scan, though, HitmanPro tells me that everything is clean. In desperation I have now run CCleaner over it again and Malwarebytes once more and then restarted, but the problem has not changed. Here are the last two log files:
Malwarebytes:
Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.05.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

06.08.2013 10:24:49
mbam-log-2013-08-06 (10-24-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268987
Laufzeit: 14 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\And\AppData\Local\Temp\G6ntRk+l.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\And\AppData\Local\Temp\hwry1TC9.exe.part (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\And\AppData\Local\Temp\ufNQ6MXu.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
# AdwCleaner v2.306 - Datei am 06/08/2013 um 10:12:39 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : And - AND-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\And\Desktop\adwcleaner06.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16722

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Andicore\AppData\Roaming\Mozilla\Firefox\Profiles\toomd3re.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.51.1087.0

Datei : C:\Users\And\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [193497 octets] - [04/08/2013 20:00:00]
AdwCleaner[R2].txt - [1883 octets] - [04/08/2013 20:07:03]
AdwCleaner[R3].txt - [1483 octets] - [05/08/2013 11:07:51]
AdwCleaner[S1].txt - [52900 octets] - [04/08/2013 20:02:21]
AdwCleaner[S2].txt - [1951 octets] - [04/08/2013 20:09:33]
AdwCleaner[S3].txt - [1545 octets] - [05/08/2013 11:10:22]
AdwCleaner[S4].txt - [1757 octets] - [06/08/2013 00:35:47]
AdwCleaner[S5].txt - [1523 octets] - [06/08/2013 10:12:39]

########## EOF - C:\AdwCleaner[S5].txt - [1583 octets] ##########

Please help me, I am getting desperate.
06.08.2013, 11:51 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware http://www_getwindowinfo/ cannot be removed
Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners, did they ever find anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem started, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
06.08.2013, 13:16 | #3 |
| Malware http://www_getwindowinfo/ cannot be removed
OK, here are the further logs from Malwarebytes with findings:
Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.04

Windows 7 x64 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Deaktiviert

05.08.2013 09:16:33
mbam-log-2013-08-05 (09-16-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496664
Laufzeit: 1 Stunde(n), 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

04.08.2013 20:35:00
mbam-log-2013-08-04 (20-35-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 500787
Laufzeit: 1 Stunde(n), 26 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

04.08.2013 17:22:02
mbam-log-2013-08-04 (17-22-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270779
Laufzeit: 8 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Windows\Installer\aa17ea.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\aa17f4.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.04.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
And :: AND-PC [Administrator]

Schutz: Aktiviert

04.08.2013 19:03:39
mbam-log-2013-08-04 (19-03-39).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 234849
Laufzeit: 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\And\LOCALS~1\Temp\mswaqq.exe -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.7&ts=1375623323278.000005&tguid=46364-3869-1375623323278-74C3C9F24FF7F15752B56B2ACC075E52&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here is the scan with FRST (FRST.txt):
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013 Ran by And (administrator) on 06-08-2013 13:59:35 Running from C:\Users\And\Downloads Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AMD) C:\Windows\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Farbar) C:\Users\And\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x] HKCU\...\Run: [MRDaemon.exe] - C:\Program Files (x86)\Mnet\QuickManager2\MRDaemon.exe [x] HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6377120 2012-09-20] (SlySoft, Inc.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Eqxooqba] - C:\Users\And\AppData\Roaming\Toic\ytxoe.exe [x] HKCU\...\Command Processor: "C:\Users\And\AppData\Local\Temp\lfxnbcwskkgdaillt.exe" <======= ATTENTION HKCU\...\CurrentVersion\Windows: [Load] C:\Users\And\LOCALS~1\Temp\mswaqq.exe <===== ATTENTION! 
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe MountPoints2: {0c0ac175-8f27-11e2-8d85-00262d83320a} - F:\HTC_Sync_Manager_PC.exe MountPoints2: {23528b06-18fe-11df-b718-00262d83320a} - F:\LaunchU3.exe -a MountPoints2: {6aba0b8d-5d6d-11e2-8da9-00262d83320a} - E:\HTC_Sync_Manager_PC.exe MountPoints2: {b81641a4-6317-11e2-a7e1-00262d83320a} - E:\HTC_Sync_Manager_PC.exe MountPoints2: {c7fe51d9-177d-11df-9573-00262d83320a} - E:\autorun.exe MountPoints2: {ef840aab-4246-11e2-94d7-00262d83320a} - E:\HTC_Sync_Manager_PC.exe HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.) HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023 FF Extension: Java Link Helper - C:\Users\And\AppData\Roaming\13001.023 FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0 CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0 CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. 
KG) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.) S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion) R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] () R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe 2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log 2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt 2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt 2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log 2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT 2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB} 2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. 
Scherbakov) C:\Users\And\Desktop\JRT.exe 2013-08-06 01:11 - 2013-08-06 01:12 - 00026563 _____ C:\Users\And\Downloads\Addition.txt 2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST 2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe 2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader 2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe 2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt 2013-08-06 00:29 - 2013-08-06 13:30 - 00000392 _____ C:\Windows\setupact.log 2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log 2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java 2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe 2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner 2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe 2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat 2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) 
C:\Users\And\Downloads\RegCureProSetup_RW.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg 2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt 2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt 2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd. ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe 2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt 2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt 2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt 2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe 2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt 2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe 2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat 2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template 2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater 2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe 2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D 
C:\Users\And\AppData\Roaming\Windows Net Data 2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira 2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de 2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe 2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe 2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip 2013-07-29 18:55 - 
2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe 2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe 2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk 2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd. ) C:\Users\And\Downloads\avs-audio-converter_19024.exe 2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4 2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering 2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip 2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery 2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip 2013-07-21 20:09 - 2013-07-22 21:17 - 95023320 ____T C:\ProgramData\ininolej.pad 2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js 2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg 2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat 2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar 2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar 2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg 2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat 124 ==================== One Month Modified Files and Folders ======= 2013-08-06 13:58 - 2012-10-11 
15:21 - 00000193 _____ C:\Windows\WORDPAD.INI 2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe 2013-08-06 13:40 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound 2013-08-06 13:39 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox 2013-08-06 13:38 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib 2013-08-06 13:38 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-06 13:38 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-06 13:37 - 2013-03-16 19:55 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job 2013-08-06 13:37 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-06 13:30 - 2013-08-06 00:29 - 00000392 _____ C:\Windows\setupact.log 2013-08-06 13:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-06 12:22 - 2010-01-24 08:37 - 01788763 _____ C:\Windows\WindowsUpdate.log 2013-08-06 12:06 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log 2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt 2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt 2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat 2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat 2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D 
C:\ProgramData\Microsoft Help 2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log 2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini 2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT 2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB} 2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe 2013-08-06 01:12 - 2013-08-06 01:11 - 00026563 _____ C:\Users\And\Downloads\Addition.txt 2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST 2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe 2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader 2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) 
C:\Users\And\Downloads\HitmanPro_x64.exe 2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt 2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log 2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini 2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java 2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe 2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe 2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe 2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db 2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso 2013-08-05 23:17 - 
2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic 2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing 2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps 2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther 2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner 2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe 2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat 2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg 2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt 2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt 2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3 2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe 2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt 2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt 2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt 2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt 2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe 2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe 2013-08-04 18:30 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone 2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon 2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat 2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template 2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data 2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater 2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ 
C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy Fotoordner 2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira 2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira 2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc 2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe 2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 
____D C:\Users\And\Desktop\NEW PROG PROJECT 2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D C:\Users\And\Desktop\DIVERSES 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de 2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt 2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake 2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe 2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe 2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip 2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe 2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe 2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk 2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd. 
) C:\Users\And\Downloads\avs-audio-converter_19024.exe 2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG 2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES 2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4 2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering 2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip 2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml 2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery 2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip 2013-07-22 21:17 - 2013-07-21 20:09 - 95023320 ____T C:\ProgramData\ininolej.pad 2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js 2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg 2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat 2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag 2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ 
C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.pad
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\z7_0ytr.pad

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 14:16
==================== End Of Log ============================

--- --- --- --- --- ---

Somehow I can't find the Addition.txt.

OK, I found the Addition.txt:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013 Ran by And at 2013-08-06 14:12:43 Running from C:\Users\And\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acer Arcade Deluxe (x32 Version: 3.0.7112) Acer Backup Manager (x32 Version: 2.0.0.29) Acer Crystal Eye Webcam (x32 Version: 5.2.9.3) Acer ePower Management (x32 Version: 4.05.3004) Acer eRecovery Management (x32 Version: 4.05.3005) Acer GameZone Console (x32 Version: 5.1.0.2) Acer GridVista (x32 Version: 3.01.0730) Acer Registration (x32 Version: 1.02.3006) Acer ScreenSaver (x32 Version: 1.7.0715) Acer Updater (x32 Version: 1.01.3017) Acer VCM (x32 Version: 4.05.3000) Acrobat.com (x32 Version: 1.6.65) Adobe After Effects CS6 (x32 Version: 11) Adobe AIR (x32 Version: 3.2.0.2070) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Help Manager (x32 Version: 4.0.244) Adobe Photoshop 7.0 (x32 Version: 7.0) Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005) ALPS Touch Pad Driver (Version: 7.105.2015.1105) Antares Auto-Tune v4.39 (x32) AnyDVD (x32 Version: 7.0.9.0) Apple Application Support (x32 Version: 2.3) ARAX Disk Doctor Data Recovery (x32) ATI Catalyst Install Manager (Version: 3.0.754.0) AutoFriend (x32 Version: 4.00.0449) Avira Free Antivirus (x32 Version: 13.0.0.3885) AviSynth 2.5 (x32) AVS Update Manager 1.0 (x32) AVS Video Converter 8 (x32) AVS4YOU Software Navigator 1.4 (x32) AVStoDVD 2.4.1 (x32 Version: 2.4.1) Backup Manager Basic (x32 Version: 2.0.0.29) Battle.net (x32) Broadcom Gigabit NetLink Controller (Version: 12.33.03) BrowseToSave (Version: 1.0) Camtasia Studio 8 (x32 Version: 8.0.2.961) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329) 
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329) Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329) CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329) CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329) CCC Help Czech (x32 Version: 2009.1209.2334.42329) CCC Help Danish (x32 Version: 2009.1209.2334.42329) CCC Help Dutch (x32 Version: 2009.1209.2334.42329) CCC Help English (x32 Version: 2009.1209.2334.42329) CCC Help Finnish (x32 Version: 2009.1209.2334.42329) CCC Help French (x32 Version: 2009.1209.2334.42329) CCC Help German (x32 Version: 2009.1209.2334.42329) CCC Help Greek (x32 Version: 2009.1209.2334.42329) CCC Help Hungarian (x32 Version: 2009.1209.2334.42329) CCC Help Italian (x32 Version: 2009.1209.2334.42329) CCC Help Japanese (x32 Version: 2009.1209.2334.42329) CCC Help Korean (x32 Version: 2009.1209.2334.42329) CCC Help Norwegian (x32 Version: 2009.1209.2334.42329) CCC Help Polish (x32 Version: 2009.1209.2334.42329) CCC Help Portuguese (x32 Version: 2009.1209.2334.42329) CCC Help Russian (x32 Version: 2009.1209.2334.42329) CCC Help Spanish (x32 Version: 2009.1209.2334.42329) CCC Help Swedish (x32 Version: 2009.1209.2334.42329) CCC Help Thai (x32 Version: 2009.1209.2334.42329) CCC Help Turkish (x32 Version: 2009.1209.2334.42329) ccc-core-static (x32 Version: 2009.1209.2335.42329) ccc-utility64 (Version: 2009.1209.2335.42329) CDBurnerXP (Version: 4.3.8.2631) CDisplay 1.8 (x32) CloneDVD 4.1.0.23 (x32) CloneDVD2 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) ContentSAFER (x32) ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336) Doxillion Document 
Converter (x32) Dream Day First Home (x32) Dropbox (HKCU Version: 2.0.22) DVD Decrypter (Remove Only) (x32) DVDFab 8.2.1.5 (10/10/2012) Qt eaner (Version: 4.04) eBay Worldwide (x32 Version: 2.1.0901) Free CD to MP3 Converter (x32) Free DVD Decrypter version 1.5.6.908 (x32 Version: 1.5.6.908) Free M4a to MP3 Converter 7.1 (x32) Free MKV Video2Dvd 3.30 (x32) Free Video Converter V 2.7 (x32 Version: 2.7.0.0) Free WAV to MP3 Converter (x32 Version: 1.0) Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0) GoforFiles (HKCU Version: 1.6.0) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) Guitar Pro 5.1 (x32) Guitar Pro 6 (x32) Haali Media Splitter (x32) Heroes of Hellas (x32) High-Logic FontCreator 6.0 (x32) HitmanPro 3.7 (Version: 3.7.7.203) HomeTab 3.7 (x32 Version: 3.7) Identity Card (x32 Version: 1.00.3003) ImgBurn (x32 Version: 2.5.5.0) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel® Matrix Storage Manager IPTInstaller (x32 Version: 4.0.4) IVM Answering Attendant (x32) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 9 (x32 Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.0) Java(TM) 6 Update 37 (x32 Version: 6.0.370) JDownloader (x32 Version: 0.89) Junk Mail filter update (x32 Version: 14.0.8089.726) kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11) Launch Manager (x32 Version: 3.0.05) Linkury Smartbar (x32 Version: 1.6.1.835) LSI HDA Modem (Version: 2.2.98) Magic Bullet Suite 64-bit (Version: 11.4.1) Magic Bullet Suite 64-bit (x32 Version: 11.4.1) Magic ISO Maker v5.5 (build 0281) (x32) MAGIX Foto Clinic 4.5 (D) (x32 Version: 4.5.8.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Messer v0.992 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI 
(German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 
12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32) Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Word 2000 (x32 Version: 9.00.2816) Microsoft Works (x32 Version: 9.7.0621) MixMeister BPM Analyzer 1.0 (x32) MKVtoolnix 4.9.1 (x32 Version: 4.9.1) Monkey's Audio (x32) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service 
(x32 Version: 22.0) Mp3tag v2.51 (x32 Version: v2.51) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyVideoConverter 2.405 (x32 Version: 2.405) MyWinLocker (x32 Version: 3.1.76.0) Nero 7 Ultra Edition (x32 Version: 7.02.0936) NJStar Chinese WP (x32 Version: 5.30) No23 Recorder (x32 Version: 2.1.0.3) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.627) NTI Backup Now Standard (x32 Version: 5.1.2.627) NTI Media Maker 8 (x32 Version: 8.0.12.6623) Opera 11.51 (x32 Version: 11.51) Paint.NET v3.5.10 (Version: 3.60.0) PandoraRecovery (Remove Only) (x32) PC Inspector File Recovery (x32 Version: 4.0) PCSX2 - Playstation 2 Emulator (x32) PDF24 Creator 4.9.0 (x32) PhotoScape (x32) PrimaScan 2400U (x32) Project64 1.6 (x32 Version: 1.6) QuickTime (x32 Version: 7.73.80.64) Real Alternative 2.0.2 (x32 Version: 2.0.2) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32 Version: 15.0.6) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) RealUpgrade 1.1 (x32 Version: 1.1.0) Recuva (Version: 1.39) Redtube Video Downloader 3.27 (x32) Revo Uninstaller 1.94 (x32 Version: 1.94) Roadkil's Unstoppable Copier Version 5.2 (x32) Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13) Sony Ericsson Update Service (x32 Version: 2.11.7.13) SoulSeek 157 NS 13e (x32) Stamp ID3 Tag Editor (x32) StuffIt Expander 2011 (Version: 15.0.1.17) Super Luigi (x32) Super Mario Combat (x32) SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0) Ultimate Sonic (x32) UltraISO Premium V9.53 (x32) Uninstall 1.0.0.1 (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 
Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) VLC media player 2.0.5 (Version: 2.0.5) WaveLab 6 (x32 Version: 6.1.1.353) Welcome Center (x32 Version: 1.00.3008) Western Railway 3D Screensaver 1.0 (x32 Version: 1.0) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Utils (x32) WinISO (x32 Version: 6.2.0.4561) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WinRAR XSManager (x32 Version: 3.0) ==================== Restore 
Points ========================= 06-08-2013 09:31:41 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.cloud.techsmith.com 127.0.0.1 lmlicenses.wip4.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {1CD23554-B33D-46FF-916C-325F9F27F1CA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {26185D45-5F8C-4C0D-B0BB-63D41852AF5D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File Task: {26F55283-5C09-489E-BB12-4E7B20EAA129} - System32\Tasks\NCH Swift Sound\ivmShakeIcon => C:\Program Files (x86)\NCH Swift Sound\IVM\IVM.exe [2011-01-03] (NCH Software) Task: {2A2C732F-C72B-4977-BC8C-ED4D3B8B0DF0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: {463FC5CA-DEBB-44CD-BB16-5F371308683D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {58855AB7-D989-4402-B41C-906C98816BAC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {63C53241-09EA-4F28-AE0F-A4396E9440FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) 
Task: {6A7F103C-4524-4BC0-8764-3D7A5A14F726} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File Task: {78D09616-92E4-4F01-A244-1760B79B081C} - System32\Tasks\AdobeAAMUpdater-1.0-And-PC-And => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {97644A33-D20B-4900-B503-56C6D96752BF} - System32\Tasks\EPUpdater => C:\Users\And\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {A238C6CC-6F3B-4D21-866B-38FC99EAE2BF} - System32\Tasks\DealPly => C:\Users\And\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File Task: {A4342C0D-B7D6-4CEE-9621-9B6CEC5279C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) Task: {AAE87F3E-E936-47FF-AFBA-F50BFB764974} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe No File Task: {ABDF708E-3A66-4B3F-A63C-383F08C48EB5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {AD4643DF-A225-4F86-8E54-0DB89C6426DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File Task: {AF61EF2A-880F-4659-8AA3-7D11152B6A37} - System32\Tasks\NCH Software\StampReminder => C:\Program Files (x86)\NCH Software\Stamp\Stamp.exe [2012-06-02] (NCH Software) Task: {B25AA450-1194-4CFA-95C8-91284517A395} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B2EC01C0-68F2-4523-8374-84CBEC6E8AE6} - \Browser Updater\Browser Updater No Task File Task: {C7D66695-B35A-40CB-A5F0-09540CBA3B53} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File Task: {D2998863-EAE5-4B9E-9913-B17B7FAA996F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) 
Task: {E3C4397C-658D-45B8-8BA6-434F5065DC97} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe ==================== Faulty Device Manager Devices ============= Name: pcouffin device ... Description: pcouffin device ... Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2013 11:59:14 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {66D3DCA5-4396-3023-BB22-E980C88CBE12} Error: (08/06/2013 10:33:57 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (08/06/2013 10:33:29 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:33:24 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:33:20 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:32:29 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (08/06/2013 10:32:25 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:32:20 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:31:39 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 03:59:20 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Kontext: Anwendung, SystemIndex Katalog System errors: ============= Error: (08/06/2013 01:56:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2661254) Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2742598) Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2647753) Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2644615) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-Systeme (KB2698365) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2813170) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 
fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2660649) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2619339) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2564958) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2511455) Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 3956.5 MB Available physical RAM: 2009.52 MB Total Pagefile: 6379.97 MB Available Pagefile: 4155.43 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:286.27 GB) (Free:4.68 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CCE5CCE) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.08.2013, 13:39 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
What source is your Adobe CS6 from?
__________________ Please always post log files in CODE tags |
06.08.2013, 14:15 | #5 |
| I got that a while ago from an acquaintance for image and video editing |
06.08.2013, 14:18 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | So, an illegal/cracked thing. Please read => http://www.trojaner-board.de/95393-c...-software.html We'll continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system. |
06.08.2013, 14:41 | #7 |
| OK, I have removed everything. Should I run another scan? |
06.08.2013, 14:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, a new log with FRST please
__________________ Please always post log files in CODE tags |
06.08.2013, 14:50 | #9 |
| FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013 Ran by And (administrator) on 06-08-2013 15:45:39 Running from C:\Users\And\Downloads Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (AMD) C:\Windows\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Farbar) C:\Users\And\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x] HKCU\...\Run: [MRDaemon.exe] - C:\Program Files (x86)\Mnet\QuickManager2\MRDaemon.exe [x] HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Eqxooqba] - C:\Users\And\AppData\Roaming\Toic\ytxoe.exe [x] HKCU\...\Command Processor: "C:\Users\And\AppData\Local\Temp\lfxnbcwskkgdaillt.exe" <======= ATTENTION HKCU\...\CurrentVersion\Windows: [Load] C:\Users\And\LOCALS~1\Temp\mswaqq.exe <===== ATTENTION! 
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe MountPoints2: {0c0ac175-8f27-11e2-8d85-00262d83320a} - F:\HTC_Sync_Manager_PC.exe MountPoints2: {23528b06-18fe-11df-b718-00262d83320a} - F:\LaunchU3.exe -a MountPoints2: {6aba0b8d-5d6d-11e2-8da9-00262d83320a} - E:\HTC_Sync_Manager_PC.exe MountPoints2: {b81641a4-6317-11e2-a7e1-00262d83320a} - E:\HTC_Sync_Manager_PC.exe MountPoints2: {c7fe51d9-177d-11df-9573-00262d83320a} - E:\autorun.exe MountPoints2: {ef840aab-4246-11e2-94d7-00262d83320a} - E:\HTC_Sync_Manager_PC.exe HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.) HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023 FF Extension: Java Link Helper - C:\Users\And\AppData\Roaming\13001.023 FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0 CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0 CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. 
KG) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.) S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion) R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] () R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe 2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log 2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt 2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt 2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log 2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT 2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB} 2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. 
Scherbakov) C:\Users\And\Desktop\JRT.exe 2013-08-06 01:11 - 2013-08-06 14:13 - 00027371 _____ C:\Users\And\Downloads\Addition.txt 2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST 2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe 2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader 2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe 2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt 2013-08-06 00:29 - 2013-08-06 15:03 - 00000448 _____ C:\Windows\setupact.log 2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log 2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java 2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe 2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2013-08-05 23:20 - 2012-02-11 08:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-05 23:20 - 2012-02-11 08:32 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-08-05 23:20 - 2012-02-11 08:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2013-08-05 23:20 - 2012-02-11 08:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2013-08-05 23:20 - 2012-02-11 07:44 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-05 23:19 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-05 23:19 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-05 23:19 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-05 23:19 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-05 23:19 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-05 23:19 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-05 
23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner 2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe 2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat 2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg 2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt 2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt 2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe 2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt 2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt 2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt 2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe 2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt 2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe 2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat 2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template 2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater 2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe 2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data 2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira 2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de 2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe 2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe 2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip 2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe 2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe 2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk 2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd. 
) C:\Users\And\Downloads\avs-audio-converter_19024.exe 2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4 2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering 2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip 2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery 2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip 2013-07-21 20:09 - 2013-07-22 21:17 - 95023320 ____T C:\ProgramData\ininolej.pad 2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js 2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg 2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat 2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar 2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar 2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg 2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat 140 ==================== One Month Modified Files and Folders ======= 2013-08-06 15:45 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default 2013-08-06 15:36 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone 2013-08-06 15:35 - 2011-03-01 15:42 - 00000000 ____D C:\Users\And\AppData\Roaming\Guitar Pro 6 2013-08-06 15:34 - 2012-12-12 22:52 - 00000000 ____D C:\Users\TigerBlade 2013-08-06 15:34 - 2011-03-25 23:15 - 00000000 ____D C:\Users\Andicore 
2013-08-06 15:33 - 2012-12-12 23:22 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-08-06 15:26 - 2012-05-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-08-06 15:26 - 2012-05-24 18:41 - 00000000 ____D C:\Program Files\Adobe 2013-08-06 15:25 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-06 15:08 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound 2013-08-06 15:07 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox 2013-08-06 15:06 - 2013-03-16 19:55 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job 2013-08-06 15:06 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-06 15:06 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-06 15:06 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib 2013-08-06 15:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-06 15:03 - 2013-08-06 00:29 - 00000448 _____ C:\Windows\setupact.log 2013-08-06 15:02 - 2010-01-24 08:37 - 01931339 _____ C:\Windows\WindowsUpdate.log 2013-08-06 14:13 - 2013-08-06 01:11 - 00027371 _____ C:\Users\And\Downloads\Addition.txt 2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI 2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe 2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log 2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt 2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt 2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program 
Files\Microsoft Silverlight 2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat 2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat 2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log 2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini 2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT 2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB} 2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe 2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST 2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe 2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader 2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) 
C:\Users\And\Downloads\HitmanPro_x64.exe 2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt 2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log 2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini 2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java 2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe 2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe 2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe 2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db 2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso 2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic 
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing 2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps 2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther 2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner 2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe 2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat 2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg 2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt 2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt 2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3 2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe 2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt 2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt 2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt 2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt 2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe 2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe 2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon 2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat 2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template 2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data 2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater 2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D 
C:\Users\And\Desktop\Andy Fotoordner 2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira 2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira 2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc 2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe 2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT 2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D 
C:\Users\And\Desktop\DIVERSES 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de 2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt 2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake 2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe 2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe 2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip 2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe 2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe 2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk 2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd. 
) C:\Users\And\Downloads\avs-audio-converter_19024.exe 2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG 2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES 2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4 2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering 2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip 2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml 2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery 2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip 2013-07-22 21:17 - 2013-07-21 20:09 - 95023320 ____T C:\ProgramData\ininolej.pad 2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js 2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg 2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat 2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag 2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ 
C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.pad
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\z7_0ytr.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by And (administrator) on 06-08-2013 15:45:39
Running from C:\Users\And\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (AMD) C:\Windows\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Farbar) C:\Users\And\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKCU\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x] HKCU\...\Run: [MRDaemon.exe] - C:\Program Files (x86)\Mnet\QuickManager2\MRDaemon.exe [x] HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Eqxooqba] - C:\Users\And\AppData\Roaming\Toic\ytxoe.exe [x] HKCU\...\Command Processor: "C:\Users\And\AppData\Local\Temp\lfxnbcwskkgdaillt.exe" <======= ATTENTION HKCU\...\CurrentVersion\Windows: [Load] C:\Users\And\LOCALS~1\Temp\mswaqq.exe <===== ATTENTION! 
MountPoints2: E - E:\HTC_Sync_Manager_PC.exe MountPoints2: {0c0ac175-8f27-11e2-8d85-00262d83320a} - F:\HTC_Sync_Manager_PC.exe MountPoints2: {23528b06-18fe-11df-b718-00262d83320a} - F:\LaunchU3.exe -a MountPoints2: {6aba0b8d-5d6d-11e2-8da9-00262d83320a} - E:\HTC_Sync_Manager_PC.exe MountPoints2: {b81641a4-6317-11e2-a7e1-00262d83320a} - E:\HTC_Sync_Manager_PC.exe MountPoints2: {c7fe51d9-177d-11df-9573-00262d83320a} - E:\autorun.exe MountPoints2: {ef840aab-4246-11e2-94d7-00262d83320a} - E:\HTC_Sync_Manager_PC.exe HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.) HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023 FF Extension: Java Link Helper - C:\Users\And\AppData\Roaming\13001.023 FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0 CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0 CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. 
KG) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.) S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion) R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] () R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe 2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log 2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt 2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt 2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log 2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT 2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB} 2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. 
Scherbakov) C:\Users\And\Desktop\JRT.exe 2013-08-06 01:11 - 2013-08-06 14:13 - 00027371 _____ C:\Users\And\Downloads\Addition.txt 2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST 2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe 2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader 2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe 2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt 2013-08-06 00:29 - 2013-08-06 15:03 - 00000448 _____ C:\Windows\setupact.log 2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log 2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java 2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe 2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2013-08-05 23:20 - 2012-02-11 08:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-05 23:20 - 2012-02-11 08:32 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-08-05 23:20 - 2012-02-11 08:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2013-08-05 23:20 - 2012-02-11 08:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2013-08-05 23:20 - 2012-02-11 07:44 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-05 23:19 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-05 23:19 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-05 23:19 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-05 23:19 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-05 23:19 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-05 23:19 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-05 
23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner 2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe 2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat 2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg 2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt 2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt 2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe 2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt 2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt 2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt 2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe 2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt 2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe 2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat 2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template 2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater 2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe 2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data 2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira 2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de 2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe 2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe 2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip 2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe 2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe 2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk 2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd. 
) C:\Users\And\Downloads\avs-audio-converter_19024.exe 2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4 2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering 2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip 2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery 2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip 2013-07-21 20:09 - 2013-07-22 21:17 - 95023320 ____T C:\ProgramData\ininolej.pad 2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js 2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg 2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat 2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar 2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar 2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg 2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat 140 ==================== One Month Modified Files and Folders ======= 2013-08-06 15:45 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default 2013-08-06 15:36 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone 2013-08-06 15:35 - 2011-03-01 15:42 - 00000000 ____D C:\Users\And\AppData\Roaming\Guitar Pro 6 2013-08-06 15:34 - 2012-12-12 22:52 - 00000000 ____D C:\Users\TigerBlade 2013-08-06 15:34 - 2011-03-25 23:15 - 00000000 ____D C:\Users\Andicore 
2013-08-06 15:33 - 2012-12-12 23:22 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-08-06 15:26 - 2012-05-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-08-06 15:26 - 2012-05-24 18:41 - 00000000 ____D C:\Program Files\Adobe 2013-08-06 15:25 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-06 15:14 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-06 15:08 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound 2013-08-06 15:07 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox 2013-08-06 15:06 - 2013-03-16 19:55 - 00000412 ____H C:\Windows\Tasks\schedule!3036567561.job 2013-08-06 15:06 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-06 15:06 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-06 15:06 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib 2013-08-06 15:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-06 15:03 - 2013-08-06 00:29 - 00000448 _____ C:\Windows\setupact.log 2013-08-06 15:02 - 2010-01-24 08:37 - 01931339 _____ C:\Windows\WindowsUpdate.log 2013-08-06 14:13 - 2013-08-06 01:11 - 00027371 _____ C:\Users\And\Downloads\Addition.txt 2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI 2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe 2013-08-06 10:45 - 2013-08-06 10:45 - 00000818 _____ C:\Windows\PFRO.log 2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt 2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt 2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program 
Files\Microsoft Silverlight 2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat 2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat 2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log 2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini 2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT 2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB} 2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe 2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST 2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe 2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader 2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) 
C:\Users\And\Downloads\HitmanPro_x64.exe 2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt 2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log 2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini 2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java 2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe 2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe 2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe 2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db 2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso 2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic 
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing 2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps 2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther 2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner 2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe 2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat 2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe 2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg 2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt 2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt 2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3 2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater 2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd. 
) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe 2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt 2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt 2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt 2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt 2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe 2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe 2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon 2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon 2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat 2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template 2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data 2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf 2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater 2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe 2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D 
C:\Users\And\Desktop\Andy Fotoordner 2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira 2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira 2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc 2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe 2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT 2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D 
C:\Users\And\Desktop\DIVERSES 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de 2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt 2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake 2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe 2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe 2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip 2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe 2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe 2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk 2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU 2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd. 
) C:\Users\And\Downloads\avs-audio-converter_19024.exe 2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG 2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES 2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4 2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering 2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip 2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml 2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery 2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip 2013-07-22 21:17 - 2013-07-21 20:09 - 95023320 ____T C:\ProgramData\ininolej.pad 2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js 2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt 2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg 2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat 2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag 2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ 
C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-09 15:49 - 2013-07-09 15:49 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.pad
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\z7_0ytr.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================

--- --- ---
06.08.2013, 15:00 | #10 |
| Malware http://www_getwindowinfo/ cannot be removed
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013 Ran by And at 2013-08-06 15:48:43 Running from C:\Users\And\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acer Arcade Deluxe (x32 Version: 3.0.7112) Acer Backup Manager (x32 Version: 2.0.0.29) Acer Crystal Eye Webcam (x32 Version: 5.2.9.3) Acer ePower Management (x32 Version: 4.05.3004) Acer eRecovery Management (x32 Version: 4.05.3005) Acer GameZone Console (x32 Version: 5.1.0.2) Acer GridVista (x32 Version: 3.01.0730) Acer Registration (x32 Version: 1.02.3006) Acer ScreenSaver (x32 Version: 1.7.0715) Acer Updater (x32 Version: 1.01.3017) Acer VCM (x32 Version: 4.05.3000) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.2.0.2070) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Help Manager (x32 Version: 4.0.244) Adobe Photoshop 7.0 (x32 Version: 7.0) Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005) ALPS Touch Pad Driver (Version: 7.105.2015.1105) Apple Application Support (x32 Version: 2.3) ARAX Disk Doctor Data Recovery (x32) ATI Catalyst Install Manager (Version: 3.0.754.0) AutoFriend (x32 Version: 4.00.0449) Avira Free Antivirus (x32 Version: 13.0.0.3885) AviSynth 2.5 (x32) AVS Update Manager 1.0 (x32) AVS Video Converter 8 (x32) AVS4YOU Software Navigator 1.4 (x32) AVStoDVD 2.4.1 (x32 Version: 2.4.1) Backup Manager Basic (x32 Version: 2.0.0.29) Battle.net (x32) Broadcom Gigabit NetLink Controller (Version: 12.33.03) BrowseToSave (Version: 1.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Full New (x32 Version: 
2009.1209.2335.42329) Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329) Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329) CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329) CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329) CCC Help Czech (x32 Version: 2009.1209.2334.42329) CCC Help Danish (x32 Version: 2009.1209.2334.42329) CCC Help Dutch (x32 Version: 2009.1209.2334.42329) CCC Help English (x32 Version: 2009.1209.2334.42329) CCC Help Finnish (x32 Version: 2009.1209.2334.42329) CCC Help French (x32 Version: 2009.1209.2334.42329) CCC Help German (x32 Version: 2009.1209.2334.42329) CCC Help Greek (x32 Version: 2009.1209.2334.42329) CCC Help Hungarian (x32 Version: 2009.1209.2334.42329) CCC Help Italian (x32 Version: 2009.1209.2334.42329) CCC Help Japanese (x32 Version: 2009.1209.2334.42329) CCC Help Korean (x32 Version: 2009.1209.2334.42329) CCC Help Norwegian (x32 Version: 2009.1209.2334.42329) CCC Help Polish (x32 Version: 2009.1209.2334.42329) CCC Help Portuguese (x32 Version: 2009.1209.2334.42329) CCC Help Russian (x32 Version: 2009.1209.2334.42329) CCC Help Spanish (x32 Version: 2009.1209.2334.42329) CCC Help Swedish (x32 Version: 2009.1209.2334.42329) CCC Help Thai (x32 Version: 2009.1209.2334.42329) CCC Help Turkish (x32 Version: 2009.1209.2334.42329) ccc-core-static (x32 Version: 2009.1209.2335.42329) ccc-utility64 (Version: 2009.1209.2335.42329) CDBurnerXP (Version: 4.3.8.2631) CDisplay 1.8 (x32) CloneDVD 4.1.0.23 (x32) CloneDVD2 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) ContentSAFER (x32) ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336) Doxillion Document Converter (x32) Dream Day First Home (x32) Dropbox (HKCU Version: 2.0.22) DVD Decrypter (Remove Only) (x32) DVDFab 8.2.1.5 (10/10/2012) Qt 
eaner (Version: 4.04) eBay Worldwide (x32 Version: 2.1.0901) Free CD to MP3 Converter (x32) Free DVD Decrypter version 1.5.6.908 (x32 Version: 1.5.6.908) Free M4a to MP3 Converter 7.1 (x32) Free MKV Video2Dvd 3.30 (x32) Free Video Converter V 2.7 (x32 Version: 2.7.0.0) Free WAV to MP3 Converter (x32 Version: 1.0) Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0) GoforFiles (HKCU Version: 1.6.0) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) Haali Media Splitter (x32) High-Logic FontCreator 6.0 (x32) HitmanPro 3.7 (Version: 3.7.7.203) HomeTab 3.7 (x32 Version: 3.7) Identity Card (x32 Version: 1.00.3003) ImgBurn (x32 Version: 2.5.5.0) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel® Matrix Storage Manager IPTInstaller (x32 Version: 4.0.4) IVM Answering Attendant (x32) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 9 (x32 Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.0) Java(TM) 6 Update 37 (x32 Version: 6.0.370) JDownloader (x32 Version: 0.89) Junk Mail filter update (x32 Version: 14.0.8089.726) kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11) Launch Manager (x32 Version: 3.0.05) Linkury Smartbar (x32 Version: 1.6.1.835) LSI HDA Modem (Version: 2.2.98) Magic Bullet Suite 64-bit (Version: 11.4.1) Magic Bullet Suite 64-bit (x32 Version: 11.4.1) Magic ISO Maker v5.5 (build 0281) (x32) MAGIX Foto Clinic 4.5 (D) (x32 Version: 4.5.8.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Messer v0.992 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office 
Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office SharePoint 
Designer 2007 Service Pack 3 (SP3) (x32) Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Word 2000 (x32 Version: 9.00.2816) Microsoft Works (x32 Version: 9.7.0621) MixMeister BPM Analyzer 1.0 (x32) MKVtoolnix 4.9.1 (x32 Version: 4.9.1) Monkey's Audio (x32) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mp3tag v2.51 (x32 Version: v2.51) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) 
MyVideoConverter 2.405 (x32 Version: 2.405) MyWinLocker (x32 Version: 3.1.76.0) Nero 7 Ultra Edition (x32 Version: 7.02.0936) NJStar Chinese WP (x32 Version: 5.30) No23 Recorder (x32 Version: 2.1.0.3) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.627) NTI Backup Now Standard (x32 Version: 5.1.2.627) NTI Media Maker 8 (x32 Version: 8.0.12.6623) Opera 11.51 (x32 Version: 11.51) Paint.NET v3.5.10 (Version: 3.60.0) PandoraRecovery (Remove Only) (x32) PC Inspector File Recovery (x32 Version: 4.0) PCSX2 - Playstation 2 Emulator (x32) PDF24 Creator 4.9.0 (x32) PhotoScape (x32) PrimaScan 2400U (x32) Project64 1.6 (x32 Version: 1.6) QuickTime (x32 Version: 7.73.80.64) Real Alternative 2.0.2 (x32 Version: 2.0.2) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32 Version: 15.0.6) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) RealUpgrade 1.1 (x32 Version: 1.1.0) Recuva (Version: 1.39) Revo Uninstaller 1.94 (x32 Version: 1.94) Roadkil's Unstoppable Copier Version 5.2 (x32) Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13) Sony Ericsson Update Service (x32 Version: 2.11.7.13) SoulSeek 157 NS 13e (x32) Stamp ID3 Tag Editor (x32) StuffIt Expander 2011 (Version: 15.0.1.17) Super Luigi (x32) Super Mario Combat (x32) SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0) Ultimate Sonic (x32) UltraISO Premium V9.53 (x32) Uninstall 1.0.0.1 (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites 
(KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) VLC media player 2.0.5 (Version: 2.0.5) WaveLab 6 (x32 Version: 6.1.1.353) Welcome Center (x32 Version: 1.00.3008) Western Railway 3D Screensaver 1.0 (x32 Version: 1.0) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Utils (x32) WinISO (x32 Version: 6.2.0.4561) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WinRAR XSManager (x32 Version: 3.0) ==================== Restore Points ========================= 06-08-2013 09:31:41 Windows Update 06-08-2013 12:33:08 Windows Update 06-08-2013 13:29:32 Camtasia Studio 8 wird entfernt ==================== Hosts content: ========================== 2009-07-14 
04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.cloud.techsmith.com 127.0.0.1 lmlicenses.wip4.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {1CD23554-B33D-46FF-916C-325F9F27F1CA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {26185D45-5F8C-4C0D-B0BB-63D41852AF5D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File Task: {2A2C732F-C72B-4977-BC8C-ED4D3B8B0DF0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: {463FC5CA-DEBB-44CD-BB16-5F371308683D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {58855AB7-D989-4402-B41C-906C98816BAC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {63C53241-09EA-4F28-AE0F-A4396E9440FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) 
Task: {6A7F103C-4524-4BC0-8764-3D7A5A14F726} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File Task: {7CCCD295-0B69-4A5C-9AD6-EBBED5C1E5BF} - System32\Tasks\NCH Swift Sound\ivmShakeIcon => C:\Program Files (x86)\NCH Swift Sound\IVM\IVM.exe [2011-01-03] (NCH Software) Task: {97644A33-D20B-4900-B503-56C6D96752BF} - System32\Tasks\EPUpdater => C:\Users\And\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {A238C6CC-6F3B-4D21-866B-38FC99EAE2BF} - System32\Tasks\DealPly => C:\Users\And\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File Task: {A4342C0D-B7D6-4CEE-9621-9B6CEC5279C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) Task: {AAE87F3E-E936-47FF-AFBA-F50BFB764974} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe No File Task: {ABDF708E-3A66-4B3F-A63C-383F08C48EB5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {AD4643DF-A225-4F86-8E54-0DB89C6426DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File Task: {AF61EF2A-880F-4659-8AA3-7D11152B6A37} - System32\Tasks\NCH Software\StampReminder => C:\Program Files (x86)\NCH Software\Stamp\Stamp.exe [2012-06-02] (NCH Software) Task: {B25AA450-1194-4CFA-95C8-91284517A395} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B2EC01C0-68F2-4523-8374-84CBEC6E8AE6} - \Browser Updater\Browser Updater No Task File Task: {C7D66695-B35A-40CB-A5F0-09540CBA3B53} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File Task: {D2998863-EAE5-4B9E-9913-B17B7FAA996F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.) 
Task: {E3C4397C-658D-45B8-8BA6-434F5065DC97} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe ==================== Faulty Device Manager Devices ============= Name: pcouffin device ... Description: pcouffin device ... Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2013 11:59:14 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {66D3DCA5-4396-3023-BB22-E980C88CBE12} Error: (08/06/2013 10:33:57 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (08/06/2013 10:33:29 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:33:24 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:33:20 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:32:29 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (08/06/2013 10:32:25 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:32:20 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 10:31:39 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (08/06/2013 03:59:20 AM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Kontext: Anwendung, SystemIndex Katalog System errors: ============= Error: (08/06/2013 03:08:27 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/06/2013 03:08:27 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error: (08/06/2013 03:04:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PPDevice" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/06/2013 03:04:06 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ppsio2.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/06/2013 03:03:43 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 06.08.2013 um 15:02:02 unerwartet heruntergefahren. 
Error: (08/06/2013 01:56:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2661254) Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2742598) Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2647753) Error: (08/06/2013 01:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2644615) Error: (08/06/2013 01:38:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-Systeme (KB2698365) Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 3956.5 MB Available physical RAM: 2097.43 MB Total Pagefile: 7712.04 MB Available Pagefile: 5577.57 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:286.27 GB) (Free:7.25 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== 
======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CCE5CCE) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.08.2013, 15:04 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware http://www_getwindowinfo/ cannot be removed Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If I do not get back to you within three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside of Trojaner-Board. Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
06.08.2013, 15:44 | #12 |
| Malware http://www_getwindowinfo/ cannot be removed All right, here is the Combofix.txt: Code:
ATTFilter ComboFix 13-08-05.03 - And 06.08.2013 16:17:58.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3956.2191 [GMT 2:00] ausgeführt von:: c:\users\And\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 48 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Common Files\Acer GameZone online.ico c:\programdata\46980872 c:\programdata\ininolej.pad c:\programdata\wavav0bdtzbtb43b.bat c:\programdata\z7_0ytr.pad c:\users\And\AppData\Local\lame_enc.dll c:\users\And\AppData\Local\no23xwrapper.dll c:\users\And\AppData\Local\ogg.dll c:\users\And\AppData\Local\vorbisenc.dll c:\users\And\AppData\Local\vorbisfile.dll c:\users\And\AppData\Roaming\13001.021 c:\users\And\AppData\Roaming\13001.021\chrome.manifest c:\users\And\AppData\Roaming\13001.021\components\AcroFF.txt c:\users\And\AppData\Roaming\13001.021\install.rdf c:\users\And\AppData\Roaming\13001.022 c:\users\And\AppData\Roaming\13001.022\chrome.manifest c:\users\And\AppData\Roaming\13001.022\components\AcroFF.txt c:\users\And\AppData\Roaming\13001.022\install.rdf c:\users\And\AppData\Roaming\13001.023 c:\users\And\AppData\Roaming\13001.023\chrome.manifest c:\users\And\AppData\Roaming\13001.023\components\AcroFF.txt c:\users\And\AppData\Roaming\13001.023\install.rdf c:\users\And\AppData\Roaming\Acna c:\users\And\AppData\Roaming\Acna\usnya.kal c:\users\And\AppData\Roaming\AcroIEHelpe.txt c:\users\And\AppData\Roaming\Hyazlu c:\users\And\AppData\Roaming\Hyazlu\iriq.xuq c:\users\And\AppData\Roaming\Iqwapo c:\users\And\AppData\Roaming\Iqwapo\pyum.ylc c:\users\And\AppData\Roaming\Kayt c:\users\And\AppData\Roaming\Kayt\veaka.uta 
c:\users\And\AppData\Roaming\srvblck5.tmp c:\users\And\AppData\Roaming\Syizka c:\users\And\AppData\Roaming\Syizka\meidt.agd c:\windows\IsUn0407.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-06 bis 2013-08-06 )))))))))))))))))))))))))))))) . . 2013-08-06 14:27 . 2013-08-06 14:27 -------- d-----w- c:\users\TigerBlade\AppData\Local\temp 2013-08-06 14:27 . 2013-08-06 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-06 14:27 . 2013-08-06 14:27 -------- d-----w- c:\users\Andicore\AppData\Local\temp 2013-08-05 23:17 . 2013-08-05 23:17 -------- d-----w- c:\windows\ERUNT 2013-08-05 23:10 . 2013-08-05 23:10 -------- d-----w- C:\FRST 2013-08-05 22:49 . 2013-08-05 22:49 -------- d-----w- c:\program files\HitmanPro 2013-08-05 22:48 . 2013-08-05 23:03 -------- d-----w- c:\programdata\HitmanPro 2013-08-05 22:10 . 2013-08-05 22:10 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-08-05 22:10 . 2013-08-05 22:10 312232 ----a-w- c:\windows\system32\javaws.exe 2013-08-05 22:10 . 2013-08-05 22:10 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-08-05 22:10 . 2013-08-05 22:10 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-08-05 22:10 . 2013-08-05 22:10 189352 ----a-w- c:\windows\system32\javaw.exe 2013-08-05 22:10 . 2013-08-05 22:10 188840 ----a-w- c:\windows\system32\java.exe 2013-08-05 22:10 . 2013-08-05 22:10 -------- d-----w- c:\program files\Java 2013-08-05 21:53 . 2013-08-05 21:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-05 21:53 . 2013-08-05 21:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-05 21:52 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2013-08-05 21:52 . 
2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2013-08-05 21:20 . 2012-02-11 06:32 956416 ----a-w- c:\windows\system32\localspl.dll 2013-08-05 21:20 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-08-05 21:20 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-08-05 21:20 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe 2013-08-05 21:20 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-08-05 21:19 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll 2013-08-05 21:19 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-05 21:19 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-05 21:19 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-05 21:19 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-05 21:19 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-08-05 21:18 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll 2013-08-05 21:18 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-08-05 21:00 . 2013-08-05 21:00 -------- d-----w- c:\program files\CCleaner 2013-08-05 20:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-08-05 20:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-08-05 20:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-08-05 20:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-08-05 20:39 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-08-05 20:39 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-08-05 14:22 . 2013-08-05 14:23 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-08-05 12:33 . 2013-08-05 12:33 -------- d-----w- c:\program files\Enigma Software Group 2013-08-05 12:31 . 
2013-08-05 12:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-08-04 20:19 . 2013-08-04 21:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-08-04 20:19 . 2013-08-05 22:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-08-04 14:04 . 2013-08-04 14:04 -------- d-----w- c:\users\And\AppData\Roaming\Template 2013-08-04 13:39 . 2013-08-04 13:39 -------- d-----w- c:\program files (x86)\Common Files\soft Xpansion 2013-08-04 13:38 . 2013-08-04 13:38 -------- d-----w- C:\SoftwareUpdater 2013-08-04 13:36 . 2013-08-01 01:08 32328 ----a-w- c:\windows\Launcher.exe 2013-08-04 13:35 . 2013-08-04 13:47 -------- d-----w- c:\users\And\AppData\Roaming\Windows Net Data 2013-08-04 08:25 . 2013-08-04 08:25 -------- d-----w- c:\users\And\AppData\Roaming\Avira 2013-08-04 08:20 . 2013-08-04 08:20 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-08-04 08:18 . 2013-08-04 08:10 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-04 08:18 . 2013-08-04 08:10 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-04 08:18 . 2013-08-04 08:10 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-04 08:18 . 2013-08-04 08:18 -------- d-----w- c:\program files (x86)\Avira 2013-07-30 18:26 . 2013-07-30 18:26 -------- d-----w- c:\users\TigerBlade\AppData\Roaming\Malwarebytes 2013-07-30 10:56 . 2013-07-30 10:56 -------- d-----w- c:\users\And\AppData\Local\www.rene-zeidler.de 2013-07-30 10:56 . 2013-07-30 10:56 -------- d-----w- c:\users\And\AppData\Roaming\www.rene-zeidler.de 2013-07-30 10:56 . 2013-07-30 10:56 -------- d-----w- c:\programdata\www.rene-zeidler.de 2013-07-21 18:09 . 2013-07-21 18:09 59 ----a-w- c:\programdata\ininolej.bat 2013-07-21 18:09 . 2013-07-21 18:09 2731 ----a-w- c:\programdata\ininolej.js 2013-07-21 18:09 . 2013-07-21 18:09 154 ----a-w- c:\programdata\ininolej.reg 2013-07-09 13:49 . 2013-07-09 13:49 162 ----a-w- c:\programdata\wavav0bdtzbtb43b.reg . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-06 14:34 . 2013-08-06 14:34 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2013-08-03 11:57 . 2013-08-03 11:57 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B9C1BC9-A7B9-4BC2-BF19-382EC5C548E8}\offreg.dll 2013-07-02 08:34 . 2013-07-18 04:15 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B9C1BC9-A7B9-4BC2-BF19-382EC5C548E8}\mpengine.dll 2013-06-23 22:41 . 2010-02-19 11:37 78185248 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "IVM"="c:\program files (x86)\NCH Swift Sound\IVM\ivm.exe" [2011-01-02 1514500] "MAAgent"="c:\program files (x86)\MarkAny\ContentSAFER\MAAgent.exe" [2008-09-19 61440] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-11-01 296096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-04 345144] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] net.lnk - c:\users\And\AppData\Roaming\Windows Net Data\net.exe [2013-8-4 709120] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 IVMService;IVM Answering Attendant;c:\program files (x86)\NCH Swift Sound\IVM\ivm.exe;c:\program files (x86)\NCH Swift Sound\IVM\ivm.exe [x] R2 ppsio2;PPDevice; [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] 
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] S2 Greg_Service;GRegService;c:\program files 
(x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys;c:\windows\SYSNATIVE\drivers\WinisoCDBus.sys [x] S2 XS Stick 
Service;XS Stick Service;c:\windows\service4g.exe;c:\windows\service4g.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - HITMANPRO37 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 23:08 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 08:21] . 2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 08:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} - c:\users\And\AppData\Roaming\HomeTab\HomeTab.dll LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default\ FF - prefs.js: browser.startup.homepage - about:home . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{ba696155-d96e-4281-b467-0367a0456474} - c:\users\And\AppData\Roaming\HomeTab\HomeTab.dll Toolbar-{ba696155-d96e-4281-b467-0367a0456474} - c:\users\And\AppData\Roaming\HomeTab\HomeTab.dll Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe Wow6432Node-HKCU-Run-MRDaemon.exe - c:\program files (x86)\Mnet\QuickManager2\MRDaemon.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-Eqxooqba - c:\users\And\AppData\Roaming\Toic\ytxoe.exe SafeBoot-mcmscsvc SafeBoot-MCODS WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE AddRemove-Free DVD Decrypter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe AddRemove-kikin Plugin (NO23 Edition) - c:\program files (x86)\kikin\uninst.exe AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe AddRemove-{3a4935b3-b7a0-4065-8ccc-0030471b33f1}_is1 - c:\program files (x86)\HomeTab\unins000.exe AddRemove-GoforFiles - c:\program files (x86)\GoforFiles\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\starter4g.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\Internet Explorer\iexplore.exe c:\program files (x86)\Internet Explorer\iexplore.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-08-06 16:40:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-08-06 14:40 . Vor Suchlauf: 6.898.270.208 Bytes frei Nach Suchlauf: 6.283.636.736 Bytes frei . - - End Of File - - 087D8695E5E44887D28A750A5DAB6729 5C616939100B85E558DA92B899A0FC36 |
06.08.2013, 16:13 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware http://www_getwindowinfo/ cannot be removed
JRT - Junkware Removal Tool: Please disable your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with Farbar's tool, please: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
06.08.2013, 21:32 | #14 |
| Malware http://www_getwindowinfo/ cannot be removed
okay, here is the JRT.txt: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.3 (08.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by And on 06.08.2013 at 21:48:13,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2013 at 21:56:26,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.306 - Datei am 06/08/2013 um 22:05:19 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : And - AND-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\And\Desktop\adwcleaner06.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16722

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Andicore\AppData\Roaming\Mozilla\Firefox\Profiles\toomd3re.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v11.51.1087.0

Datei : C:\Users\And\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [193497 octets] - [04/08/2013 20:00:00]
AdwCleaner[R2].txt - [1883 octets] - [04/08/2013 20:07:03]
AdwCleaner[R3].txt - [1483 octets] - [05/08/2013 11:07:51]
AdwCleaner[S1].txt - [52900 octets] - [04/08/2013 20:02:21]
AdwCleaner[S2].txt - [1951 octets] - [04/08/2013 20:09:33]
AdwCleaner[S3].txt - [1545 octets] - [05/08/2013 11:10:22]
AdwCleaner[S4].txt - [1757 octets] - [06/08/2013 00:35:47]
AdwCleaner[S5].txt - [1652 octets] - [06/08/2013 10:12:39]
AdwCleaner[S6].txt - [1583 octets] - [06/08/2013 22:05:19]

########## EOF - C:\AdwCleaner[S6].txt - [1643 octets] ##########

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013 Ran by And (administrator) on 06-08-2013 22:26:18 Running from C:\Users\And\Downloads Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (AMD) C:\Windows\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Dropbox, Inc.) C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Windows Net) C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ((주)마크애니) C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Farbar) C:\Users\And\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-09-25] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.) 
HKLM-x32\...\Run: [IVM] - C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software) HKLM-x32\...\Run: [MAAgent] - C:\Program Files (x86)\MarkAny\ContentSAFER\MAAgent.exe [61440 2008-09-19] ((주)마크애니) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162408 2012-09-06] (Geek Software GmbH) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-11-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\And\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360210d006l0458z1h5t4471e56q StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - 
C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL [192512 2004-11-23] (MarkAny Cooperation.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\And\AppData\Roaming\Mozilla\Firefox\Profiles\c4ua26qo.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Freemake Video Downloader) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0
CHR Extension: () - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (Hedgehog in the fog) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\And\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\And\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-04] (Avira Operations GmbH & Co. KG)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-06] (SurfRight B.V.)
S2 IVMService; C:\Program Files (x86)\NCH Swift Sound\IVM\ivm.exe [1514500 2011-01-03] (NCH Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-04] (soft Xpansion)
R2 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-04] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-02-13] (Mobile Connector)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-02-28] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-06-27] (WinISO.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-06 21:56 - 2013-08-06 21:56 - 00000623 _____ C:\Users\And\Desktop\JRT.txt
2013-08-06 21:45 - 2013-08-06 21:45 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\And\Downloads\JRT.exe
2013-08-06 16:40 - 2013-08-06 16:40 - 00024054 _____ C:\ComboFix.txt
2013-08-06 16:13 - 2013-08-06 16:11 - 05100695 ____R (Swearware) C:\Users\And\Desktop\ComboFix.exe
2013-08-06 16:12 - 2013-08-06 16:40 - 00000000 ____D C:\Qoobox
2013-08-06 16:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 16:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 16:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 16:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 16:11 - 2013-08-06 16:38 - 00000000 ____D C:\Windows\erdnt
2013-08-06 16:11 - 2013-08-06 16:11 - 05100695 ____R (Swearware) C:\Users\And\Downloads\ComboFix.exe
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:45 - 2013-08-06 16:30 - 00002260 _____ C:\Windows\PFRO.log
2013-08-06 10:20 - 2013-08-06 10:21 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:12 - 2013-08-06 10:16 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 02:55 - 2013-08-06 02:59 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:11 - 2013-08-06 15:49 - 00026579 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 01:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 00:47 - 2013-08-06 00:48 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:35 - 2013-08-06 00:38 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 22:15 - 00000616 _____ C:\Windows\setupact.log
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:08 - 2013-08-06 00:09 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:53 - 2013-08-05 23:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:53 - 2013-08-05 23:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:52 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-08-05 23:52 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-08-05 23:20 - 2012-02-11 08:36 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-05 23:20 - 2012-02-11 08:32 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-05 23:20 - 2012-02-11 08:29 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-08-05 23:20 - 2012-02-11 08:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-08-05 23:20 - 2012-02-11 07:44 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 01462784 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 07:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-05 23:19 - 2012-06-02 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-05 23:18 - 2011-11-19 17:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-08-05 23:18 - 2011-11-19 16:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-08-05 22:40 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-08-05 22:40 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-08-05 22:40 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-08-05 22:39 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-08-05 22:39 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-08-05 16:22 - 2013-08-05 16:23 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:07 - 2013-08-05 11:09 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-04 22:19 - 2013-08-06 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-04 22:19 - 2013-08-04 23:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:17 - 2013-08-04 22:18 - 37672592 _____ (Safer-Networking Ltd. ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:07 - 2013-08-04 20:09 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 20:00 - 2013-08-04 20:01 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2013-08-05 01:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 15:36 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-04 15:35 - 2013-08-04 15:47 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2013-08-04 10:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:18 - 2013-08-04 10:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:22 - 2013-07-29 21:25 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 18:55 - 2013-07-29 19:02 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:32 - 2013-07-29 18:33 - 46406640 _____ (Online Media Technologies Ltd. ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:09 - 2013-07-26 08:10 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-21 20:09 - 2013-07-22 21:17 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 13:48 - 2013-07-11 14:08 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
177

==================== One Month Modified Files and Folders =======

2013-08-06 22:25 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 22:25 - 2009-07-14 06:45 - 00017376 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 22:22 - 2010-01-24 08:37 - 01608805 _____ C:\Windows\WindowsUpdate.log
2013-08-06 22:19 - 2011-01-03 00:44 - 00000000 ____D C:\Windows\System32\Tasks\NCH Swift Sound
2013-08-06 22:18 - 2013-04-12 14:29 - 00000000 ____D C:\Users\And\AppData\Roaming\Dropbox
2013-08-06 22:17 - 2013-02-23 10:21 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 22:15 - 2013-08-06 00:29 - 00000616 _____ C:\Windows\setupact.log
2013-08-06 22:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 22:08 - 2013-08-06 22:05 - 00001712 _____ C:\AdwCleaner[S6].txt
2013-08-06 22:07 - 2013-02-23 10:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 21:56 - 2013-08-06 21:56 - 00000623 _____ C:\Users\And\Desktop\JRT.txt
2013-08-06 21:45 - 2013-08-06 21:45 - 00563461 _____ (Oleg N. Scherbakov) C:\Users\And\Downloads\JRT.exe
2013-08-06 16:40 - 2013-08-06 16:40 - 00024054 _____ C:\ComboFix.txt
2013-08-06 16:40 - 2013-08-06 16:12 - 00000000 ____D C:\Qoobox
2013-08-06 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default
2013-08-06 16:38 - 2013-08-06 16:11 - 00000000 ____D C:\Windows\erdnt
2013-08-06 16:31 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-06 16:30 - 2013-08-06 10:45 - 00002260 _____ C:\Windows\PFRO.log
2013-08-06 16:29 - 2009-07-14 04:34 - 76283904 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-06 16:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-06 16:11 - 2013-08-06 16:13 - 05100695 ____R (Swearware) C:\Users\And\Desktop\ComboFix.exe
2013-08-06 16:11 - 2013-08-06 16:11 - 05100695 ____R (Swearware) C:\Users\And\Downloads\ComboFix.exe
2013-08-06 15:56 - 2010-02-28 16:16 - 00000125 ___SH C:\ProgramData\.zreglib
2013-08-06 15:49 - 2013-08-06 01:11 - 00026579 _____ C:\Users\And\Downloads\Addition.txt
2013-08-06 15:36 - 2009-11-05 05:32 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-08-06 15:35 - 2011-03-01 15:42 - 00000000 ____D C:\Users\And\AppData\Roaming\Guitar Pro 6
2013-08-06 15:34 - 2012-12-12 22:52 - 00000000 ____D C:\Users\TigerBlade
2013-08-06 15:34 - 2011-03-25 23:15 - 00000000 ____D C:\Users\Andicore
2013-08-06 15:33 - 2012-12-12 23:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-06 15:26 - 2012-05-24 18:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-06 15:26 - 2012-05-24 18:41 - 00000000 ____D C:\Program Files\Adobe
2013-08-06 15:25 - 2009-11-05 02:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 15:23 - 2013-02-07 15:00 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-06 13:58 - 2012-10-11 15:21 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-08-06 13:57 - 2013-08-06 13:57 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64(1).exe
2013-08-06 10:21 - 2013-08-06 10:20 - 00001652 _____ C:\Users\And\Desktop\adwcleanert.txt
2013-08-06 10:16 - 2013-08-06 10:12 - 00001652 _____ C:\AdwCleaner[S5].txt
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 09:50 - 2012-11-01 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 04:17 - 2010-01-24 17:29 - 00663842 _____ C:\Windows\system32\perfh007.dat
2013-08-06 04:17 - 2010-01-24 17:29 - 00135078 _____ C:\Windows\system32\perfc007.dat
2013-08-06 04:17 - 2009-07-14 07:13 - 01547226 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 03:59 - 2009-11-05 05:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 02:59 - 2013-08-06 02:55 - 00004638 _____ C:\Windows\IE9_main.log
2013-08-06 02:42 - 2009-11-05 05:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-06 02:21 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2013-08-06 01:17 - 2013-08-06 01:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-06 01:16 - 2013-08-06 01:16 - 00003098 _____ C:\Windows\System32\Tasks\{3B137DB0-EE93-4304-A1D5-E1245BE95ABB}
2013-08-06 01:15 - 2013-08-06 01:15 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\And\Desktop\JRT.exe
2013-08-06 01:10 - 2013-08-06 01:10 - 00000000 ____D C:\FRST
2013-08-06 01:09 - 2013-08-06 01:09 - 01788685 _____ (Farbar) C:\Users\And\Downloads\FRST64.exe
2013-08-06 01:03 - 2013-08-06 00:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 01:02 - 2013-08-06 01:02 - 00001326 _____ C:\Windows\system32\.crusader
2013-08-06 00:49 - 2013-08-06 00:49 - 00001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-06 00:49 - 2013-08-06 00:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-06 00:48 - 2013-08-06 00:47 - 09853928 _____ (SurfRight B.V.) C:\Users\And\Downloads\HitmanPro_x64.exe
2013-08-06 00:38 - 2013-08-06 00:35 - 00001757 _____ C:\AdwCleaner[S4].txt
2013-08-06 00:29 - 2013-08-06 00:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 00:18 - 2013-08-04 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-06 00:16 - 2010-04-01 03:10 - 00001768 _____ C:\Windows\wininit.ini
2013-08-06 00:10 - 2013-08-06 00:10 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-06 00:10 - 2013-08-06 00:10 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-06 00:10 - 2013-08-06 00:10 - 00000000 ____D C:\Program Files\Java
2013-08-06 00:09 - 2013-08-06 00:08 - 33150376 _____ (Oracle Corporation) C:\Users\And\Downloads\jre-7u25-windows-x64.exe
2013-08-06 00:00 - 2010-03-24 16:00 - 00000000 ____D C:\Users\And\AppData\Local\Adobe
2013-08-05 23:59 - 2013-08-05 23:59 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-05 23:59 - 2009-11-05 02:38 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 23:55 - 2013-08-05 23:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 23:55 - 2013-08-05 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 23:32 - 2013-02-25 00:02 - 00482816 ___SH C:\Users\And\Desktop\Thumbs.db
2013-08-05 23:17 - 2011-10-16 02:41 - 00000000 ____D C:\Users\And\AppData\Roaming\Vso
2013-08-05 23:17 - 2010-09-02 01:53 - 00000000 ____D C:\Users\And\AppData\Roaming\Media Player Classic
2013-08-05 23:17 - 2010-02-18 12:22 - 00000000 ____D C:\Users\And\Tracing
2013-08-05 23:10 - 2012-12-13 14:44 - 00000000 ____D C:\Users\And\AppData\Local\CrashDumps
2013-08-05 23:10 - 2009-07-27 22:41 - 00000000 ____D C:\Windows\Panther
2013-08-05 23:00 - 2013-08-05 23:00 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-05 23:00 - 2013-08-05 23:00 - 00000786 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-05 23:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files\CCleaner
2013-08-05 22:58 - 2013-08-05 22:58 - 04429440 _____ (Piriform Ltd) C:\Users\And\Downloads\ccsetup404.exe
2013-08-05 16:23 - 2013-08-05 16:22 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-05 15:14 - 2013-08-05 15:14 - 00000000 _____ C:\autoexec.bat
2013-08-05 14:33 - 2013-08-05 14:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-05 14:25 - 2013-08-05 14:25 - 05799944 _____ (ParetoLogic, Inc.) C:\Users\And\Downloads\RegCureProSetup_RW.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\And\Downloads\SpyHunter-Installer.exe
2013-08-05 14:25 - 2013-08-05 14:25 - 00001205 _____ C:\Users\And\Downloads\FixNCR.reg
2013-08-05 11:10 - 2013-08-05 11:10 - 00001545 _____ C:\AdwCleaner[S3].txt
2013-08-05 11:09 - 2013-08-05 11:07 - 00001483 _____ C:\AdwCleaner[R3].txt
2013-08-05 09:13 - 2010-02-15 13:11 - 00000000 ____D C:\Users\And\AppData\Roaming\U3
2013-08-05 01:58 - 2013-08-04 15:36 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-08-04 23:00 - 2013-08-04 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-04 23:00 - 2013-03-16 19:54 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-04 22:19 - 2013-08-04 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-04 22:18 - 2013-08-04 22:17 - 37672592 _____ (Safer-Networking Ltd. ) C:\Users\And\Downloads\spybotsd-2.1.21-SR2.exe
2013-08-04 20:09 - 2013-08-04 20:09 - 00001951 _____ C:\AdwCleaner[S2].txt
2013-08-04 20:09 - 2013-08-04 20:07 - 00001883 _____ C:\AdwCleaner[R2].txt
2013-08-04 20:02 - 2013-08-04 20:02 - 00052900 _____ C:\AdwCleaner[S1].txt
2013-08-04 20:01 - 2013-08-04 20:00 - 00193497 _____ C:\AdwCleaner[R1].txt
2013-08-04 19:59 - 2013-08-04 20:01 - 00666633 _____ C:\Users\And\Desktop\adwcleaner06.exe
2013-08-04 19:59 - 2013-08-04 19:59 - 00666633 _____ C:\Users\And\Downloads\adwcleaner06.exe
2013-08-04 18:10 - 2009-11-05 02:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Users\And\AppData\Roaming\Amazon
2013-08-04 17:56 - 2012-10-19 09:50 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-04 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-04 16:04 - 2013-08-04 16:04 - 00000116 _____ C:\Users\And\AppData\Roaming\wklnhst.dat
2013-08-04 16:04 - 2013-08-04 16:04 - 00000000 ____D C:\Users\And\AppData\Roaming\Template
2013-08-04 16:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 15:47 - 2013-08-04 15:35 - 00000000 ____D C:\Users\And\AppData\Roaming\Windows Net Data
2013-08-04 15:42 - 2009-07-14 06:45 - 05082032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-04 15:38 - 2013-08-04 15:38 - 00010464 _____ C:\Windows\SysWOW64\sx_p2d.tlb
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\Users\And\Downloads\freepdf
2013-08-04 15:38 - 2013-08-04 15:38 - 00000000 ____D C:\SoftwareUpdater
2013-08-04 15:36 - 2010-02-12 21:31 - 00139336 _____ C:\Users\And\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-04 15:35 - 2010-02-12 21:32 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-04 15:32 - 2013-08-04 15:32 - 00444400 _____ C:\Users\And\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-04 11:34 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy Fotoordner
2013-08-04 10:25 - 2013-08-04 10:25 - 00000000 ____D C:\Users\And\AppData\Roaming\Avira
2013-08-04 10:20 - 2013-08-04 10:20 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-04 10:19 - 2013-08-04 10:19 - 00001998 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-04 10:18 - 2013-08-04 10:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-04 10:18 - 2011-03-25 23:27 - 00000000 ____D C:\ProgramData\Avira
2013-08-04 10:10 - 2013-08-04 10:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-04 10:10 - 2013-08-04 10:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-03 02:19 - 2013-04-09 12:38 - 00000000 ____D C:\Users\And\AppData\Roaming\vlc
2013-08-02 02:39 - 2012-04-11 12:13 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-08-01 03:08 - 2013-08-04 15:36 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-01 01:10 - 2013-02-23 10:22 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 16:54 - 2012-11-01 10:23 - 00003332 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-31 16:54 - 2012-11-01 10:23 - 00003194 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000
2013-07-30 20:39 - 2013-07-30 20:39 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-30 20:26 - 2013-07-30 20:26 - 00000000 ____D C:\Users\TigerBlade\AppData\Roaming\Malwarebytes
2013-07-30 20:25 - 2012-12-12 23:07 - 00139336 _____ C:\Users\TigerBlade\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-30 15:31 - 2013-06-16 21:43 - 00000000 ____D C:\Users\And\Desktop\NEW PROG PROJECT
2013-07-30 12:57 - 2012-07-26 23:40 - 00000000 ____D C:\Users\And\Desktop\DIVERSES
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Roaming\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\Users\And\AppData\Local\www.rene-zeidler.de
2013-07-30 12:56 - 2013-07-30 12:56 - 00000000 ____D C:\ProgramData\www.rene-zeidler.de
2013-07-29 22:42 - 2011-07-21 06:44 - 00000000 ____D C:\Users\And\Desktop\Doros Welt
2013-07-29 21:48 - 2013-07-29 21:48 - 00003376 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-29 21:47 - 2013-07-29 21:47 - 00001324 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2013-07-29 21:47 - 2012-11-24 02:35 - 00000000 ____D C:\ProgramData\Freemake
2013-07-29 21:46 - 2013-07-29 21:46 - 01264816 _____ (Ellora Assets Corporation ) C:\Users\And\Downloads\FreemakeAudioConverterSetup(1).exe
2013-07-29 21:28 - 2013-07-29 21:28 - 01111837 _____ (PolySoft Solutions ) C:\Users\And\Downloads\FreeFLACToMP3Converter.exe
2013-07-29 21:25 - 2013-07-29 21:22 - 93548569 _____ C:\Users\And\Downloads\Rabentour2.zip
2013-07-29 19:02 - 2013-07-29 18:55 - 38760251 _____ C:\Users\And\Downloads\ffactory3_install [1].exe
2013-07-29 18:54 - 2013-07-29 18:54 - 00620896 _____ C:\Users\And\Downloads\ffactory3_install.exe
2013-07-29 18:34 - 2013-07-29 18:34 - 00001297 _____ C:\Users\And\Desktop\AVS4YOU Software Navigator.lnk
2013-07-29 18:34 - 2011-11-04 13:22 - 00000000 ____D C:\Users\And\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2013-07-29 18:34 - 2011-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-07-29 18:33 - 2013-07-29 18:32 - 46406640 _____ (Online Media Technologies Ltd. ) C:\Users\And\Downloads\avs-audio-converter_19024.exe
2013-07-29 16:27 - 2011-10-07 09:26 - 00000000 ____D C:\Users\And\Desktop\Andy neue Daten - WICHTIG
2013-07-29 12:49 - 2013-02-27 13:42 - 00000000 ____D C:\Users\And\Desktop\SOULSEEK-FILES
2013-07-29 11:20 - 2010-02-13 15:32 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-26 09:10 - 2013-07-26 09:10 - 00033692 _____ C:\Users\And\Downloads\masterplan_soulburn.gp4
2013-07-26 08:10 - 2013-07-26 08:09 - 00000000 ____D C:\Users\And\Desktop\Mastering
2013-07-24 11:47 - 2013-07-24 11:47 - 00408697 _____ C:\Users\And\Downloads\Outlook.zip
2013-07-23 23:57 - 2012-01-08 20:43 - 00001057 _____ C:\Users\And\AppData\Roaming\vso_ts_preview.xml
2013-07-23 22:05 - 2013-07-23 22:05 - 00000000 ____D C:\Users\And\Documents\My Stationery
2013-07-23 22:03 - 2013-07-23 22:03 - 00009258 _____ C:\Users\And\Downloads\Delivery Status Notification (Failure).zip
2013-07-22 21:17 - 2013-07-21 20:09 - 00000000 _____ C:\ProgramData\g252qs.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00002731 _____ C:\ProgramData\ininolej.js
2013-07-21 20:09 - 2013-07-21 20:09 - 00001011 _____ C:\ProgramData\sdaksda.txt
2013-07-21 20:09 - 2013-07-21 20:09 - 00000154 _____ C:\ProgramData\ininolej.reg
2013-07-21 20:09 - 2013-07-21 20:09 - 00000059 _____ C:\ProgramData\ininolej.bat
2013-07-15 12:41 - 2012-04-25 00:03 - 00000000 ____D C:\Users\And\AppData\Roaming\Mp3tag
2013-07-14 21:55 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 00:01 - 2013-02-23 10:21 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 00:01 - 2013-02-23 10:21 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 18:50 - 2013-07-12 18:50 - 00614400 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar.part
2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9(1).rar
2013-07-11 14:08 - 2013-07-11 13:48 - 60423352 _____ C:\Users\And\Downloads\The_xx-Coexist-2012-pLAN9.rar
2013-07-09 15:49 - 2013-07-09 15:49 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-07 12:55 - 2012-06-14 21:55 - 00000156 _____ C:\Windows\Twunk001.MTX
2013-07-07 12:55 - 2012-06-14 21:55 - 00000004 _____ C:\Windows\Twain001.Mtx

Files to move or delete:
====================
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-05 14:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by And at 2013-08-06 22:26:51
Running from C:\Users\And\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Acer Arcade Deluxe (x32 Version: 3.0.7112)
Acer Backup Manager (x32 Version: 2.0.0.29)
Acer Crystal Eye Webcam (x32 Version: 5.2.9.3)
Acer ePower Management (x32 Version: 4.05.3004)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer GridVista (x32 Version: 3.01.0730)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.7.0715)
Acer Updater (x32 Version: 1.01.3017)
Acer VCM (x32 Version: 4.05.3000)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005)
ALPS Touch Pad Driver (Version: 7.105.2015.1105)
Apple Application Support (x32 Version: 2.3)
ARAX Disk Doctor Data Recovery (x32)
ATI Catalyst Install Manager (Version: 3.0.754.0)
AutoFriend (x32 Version: 4.00.0449)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AviSynth 2.5 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
AVStoDVD 2.4.1 (x32 Version: 2.4.1)
Backup Manager Basic (x32 Version: 2.0.0.29)
Battle.net (x32)
Broadcom Gigabit NetLink Controller (Version: 12.33.03)
BrowseToSave (Version: 1.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329)
Catalyst Control Center Graphics Full New (x32 Version: 
2009.1209.2335.42329) Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329) Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329) Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329) CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329) CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329) CCC Help Czech (x32 Version: 2009.1209.2334.42329) CCC Help Danish (x32 Version: 2009.1209.2334.42329) CCC Help Dutch (x32 Version: 2009.1209.2334.42329) CCC Help English (x32 Version: 2009.1209.2334.42329) CCC Help Finnish (x32 Version: 2009.1209.2334.42329) CCC Help French (x32 Version: 2009.1209.2334.42329) CCC Help German (x32 Version: 2009.1209.2334.42329) CCC Help Greek (x32 Version: 2009.1209.2334.42329) CCC Help Hungarian (x32 Version: 2009.1209.2334.42329) CCC Help Italian (x32 Version: 2009.1209.2334.42329) CCC Help Japanese (x32 Version: 2009.1209.2334.42329) CCC Help Korean (x32 Version: 2009.1209.2334.42329) CCC Help Norwegian (x32 Version: 2009.1209.2334.42329) CCC Help Polish (x32 Version: 2009.1209.2334.42329) CCC Help Portuguese (x32 Version: 2009.1209.2334.42329) CCC Help Russian (x32 Version: 2009.1209.2334.42329) CCC Help Spanish (x32 Version: 2009.1209.2334.42329) CCC Help Swedish (x32 Version: 2009.1209.2334.42329) CCC Help Thai (x32 Version: 2009.1209.2334.42329) CCC Help Turkish (x32 Version: 2009.1209.2334.42329) ccc-core-static (x32 Version: 2009.1209.2335.42329) ccc-utility64 (Version: 2009.1209.2335.42329) CDBurnerXP (Version: 4.3.8.2631) CDisplay 1.8 (x32) CloneDVD 4.1.0.23 (x32) CloneDVD2 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) ContentSAFER (x32) ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336) Doxillion Document Converter (x32) Dream Day First Home (x32) Dropbox (HKCU Version: 2.0.22) DVD Decrypter (Remove Only) (x32) DVDFab 8.2.1.5 (10/10/2012) Qt 
eaner (Version: 4.04) eBay Worldwide (x32 Version: 2.1.0901) Free CD to MP3 Converter (x32) Free DVD Decrypter version 1.5.6.908 (x32 Version: 1.5.6.908) Free M4a to MP3 Converter 7.1 (x32) Free MKV Video2Dvd 3.30 (x32) Free Video Converter V 2.7 (x32 Version: 2.7.0.0) Free WAV to MP3 Converter (x32 Version: 1.0) Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) Haali Media Splitter (x32) High-Logic FontCreator 6.0 (x32) HitmanPro 3.7 (Version: 3.7.7.203) HomeTab 3.7 (x32 Version: 3.7) Identity Card (x32 Version: 1.00.3003) ImgBurn (x32 Version: 2.5.5.0) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel® Matrix Storage Manager IPTInstaller (x32 Version: 4.0.4) IVM Answering Attendant (x32) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 9 (x32 Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.0) Java(TM) 6 Update 37 (x32 Version: 6.0.370) JDownloader (x32 Version: 0.89) Junk Mail filter update (x32 Version: 14.0.8089.726) kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11) Launch Manager (x32 Version: 3.0.05) Linkury Smartbar (x32 Version: 1.6.1.835) LSI HDA Modem (Version: 2.2.98) Magic Bullet Suite 64-bit (Version: 11.4.1) Magic Bullet Suite 64-bit (x32 Version: 11.4.1) Magic ISO Maker v5.5 (build 0281) (x32) MAGIX Foto Clinic 4.5 (D) (x32 Version: 4.5.8.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Messer v0.992 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (x32 
Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) 
(x32) Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Word 2000 (x32 Version: 9.00.2816) Microsoft Works (x32 Version: 9.7.0621) MixMeister BPM Analyzer 1.0 (x32) MKVtoolnix 4.9.1 (x32 Version: 4.9.1) Monkey's Audio (x32) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mp3tag v2.51 (x32 Version: v2.51) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyVideoConverter 2.405 (x32 Version: 2.405) 
MyWinLocker (x32 Version: 3.1.76.0) Nero 7 Ultra Edition (x32 Version: 7.02.0936) NJStar Chinese WP (x32 Version: 5.30) No23 Recorder (x32 Version: 2.1.0.3) Norton Online Backup (x32 Version: 1.2.0.36) NTI Backup Now 5 (x32 Version: 5.1.2.627) NTI Backup Now Standard (x32 Version: 5.1.2.627) NTI Media Maker 8 (x32 Version: 8.0.12.6623) Opera 11.51 (x32 Version: 11.51) Paint.NET v3.5.10 (Version: 3.60.0) PandoraRecovery (Remove Only) (x32) PC Inspector File Recovery (x32 Version: 4.0) PCSX2 - Playstation 2 Emulator (x32) PDF24 Creator 4.9.0 (x32) PhotoScape (x32) PrimaScan 2400U (x32) Project64 1.6 (x32 Version: 1.6) QuickTime (x32 Version: 7.73.80.64) Real Alternative 2.0.2 (x32 Version: 2.0.2) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealPlayer (x32 Version: 15.0.6) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) RealUpgrade 1.1 (x32 Version: 1.1.0) Recuva (Version: 1.39) Revo Uninstaller 1.94 (x32 Version: 1.94) Roadkil's Unstoppable Copier Version 5.2 (x32) Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13) Sony Ericsson Update Service (x32 Version: 2.11.7.13) SoulSeek 157 NS 13e (x32) Stamp ID3 Tag Editor (x32) StuffIt Expander 2011 (Version: 15.0.1.17) Super Luigi (x32) Super Mario Combat (x32) SWFPlayer 2.6.2.0 (x32 Version: 2.6.2.0) Ultimate Sonic (x32) UltraISO Premium V9.53 (x32) Uninstall 1.0.0.1 (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for 
Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) VLC media player 2.0.5 (Version: 2.0.5) WaveLab 6 (x32 Version: 6.1.1.353) Welcome Center (x32 Version: 1.00.3008) Western Railway 3D Screensaver 1.0 (x32 Version: 1.0) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Utils (x32) WinISO (x32 Version: 6.2.0.4561) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WinRAR XSManager (x32 Version: 3.0) ==================== Restore Points ========================= 06-08-2013 14:46:26 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-02-07 16:31 - 00000944 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.cloud.techsmith.com 127.0.0.1 
lmlicenses.wip4.adobe.com

==================== Scheduled Tasks (whitelisted) =============
Task: {1CD23554-B33D-46FF-916C-325F9F27F1CA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {26185D45-5F8C-4C0D-B0BB-63D41852AF5D} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {2A2C732F-C72B-4977-BC8C-ED4D3B8B0DF0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] ()
Task: {45714E99-785A-432C-A713-6842350135FD} - System32\Tasks\NCH Swift Sound\ivmShakeIcon => C:\Program Files (x86)\NCH Swift Sound\IVM\IVM.exe [2011-01-03] (NCH Software)
Task: {463FC5CA-DEBB-44CD-BB16-5F371308683D} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {58855AB7-D989-4402-B41C-906C98816BAC} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {63C53241-09EA-4F28-AE0F-A4396E9440FA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2466762564-940141292-4185495133-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6A7F103C-4524-4BC0-8764-3D7A5A14F726} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {97644A33-D20B-4900-B503-56C6D96752BF} - System32\Tasks\EPUpdater => C:\Users\And\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {A238C6CC-6F3B-4D21-866B-38FC99EAE2BF} - System32\Tasks\DealPly => C:\Users\And\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {A4342C0D-B7D6-4CEE-9621-9B6CEC5279C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {ABDF708E-3A66-4B3F-A63C-383F08C48EB5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {AD4643DF-A225-4F86-8E54-0DB89C6426DA} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe No File
Task: {AF61EF2A-880F-4659-8AA3-7D11152B6A37} - System32\Tasks\NCH Software\StampReminder => C:\Program Files (x86)\NCH Software\Stamp\Stamp.exe [2012-06-02] (NCH Software)
Task: {B25AA450-1194-4CFA-95C8-91284517A395} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B2EC01C0-68F2-4523-8374-84CBEC6E8AE6} - \Browser Updater\Browser Updater No Task File
Task: {C7D66695-B35A-40CB-A5F0-09540CBA3B53} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {D2998863-EAE5-4B9E-9913-B17B7FAA996F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {E3C4397C-658D-45B8-8BA6-434F5065DC97} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============
Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/06/2013 10:18:56 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/06/2013 10:16:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PPDevice" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (08/06/2013 10:16:02 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ppsio2.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/06/2013 10:15:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.08.2013 um 22:14:09 unerwartet heruntergefahren.

Error: (08/06/2013 09:58:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800705b4 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2644615)

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-06 16:27:02.535
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-08-06 16:27:02.488
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Percentage of memory in use: 60%
Total physical RAM: 3956.5 MB
Available physical RAM: 1562.5 MB
Total Pagefile: 7911.15 MB
Available Pagefile: 5478.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:286.27 GB) (Free:5.65 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CCE5CCE)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End Of Log ============================
06.08.2013, 23:33 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware http://www_getwindowinfo/ cannot be removed

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
ShortcutTarget: net.lnk -> C:\Users\And\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\And\AppData\Roaming\HomeTab\HomeTab.dll No File
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] C:\Users\And\AppData\Roaming\13001.023
C:\ProgramData\ininolej.bat
C:\ProgramData\ininolej.reg
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\ProgramData\g252qs.txt
C:\ProgramData\ininolej.js
C:\ProgramData\sdaksda.txt
C:\ProgramData\ininolej.reg
C:\ProgramData\ininolej.bat
C:\Users\And\AppData\Roaming\13001.023
C:\Users\And\AppData\Roaming\HomeTab
C:\Users\And\AppData\Roaming\Windows Net Data

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
Please always post log files in CODE tags