Log analysis and evaluation: Virus - DKB account spied on - Entrusted Toolbar Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.08.2013, 02:13 | #1 |
| Virus - DKB account spied on - Entrusted Toolbar Hey everyone, I need your help! I am currently in San Diego, California, for my semester abroad. I have to do a lot with my credit card here, so I am often active in online banking. Now the following problem: the morning before yesterday I received an email from Deutsche Kreditbank, where I have my account, informing me that my account had been spied on. I was told to have my computer checked by an IT professional, etc. There is no point beating around the bush: I was naive and completely forgot to renew my McAfee subscription; my laptop is new (Asus ultrabook, i5 processor), and now this! I am very desperate, since I have nothing here to format the laptop with or anything like that. I also suddenly received a message on Facebook from a Dorcas Peterson; it was a fake message, I just wonder why the message hit exactly me. All of this happened in the same period in which the thing with my account took place. In addition, since then I have had the Entrusted toolbar in my browser, wherever it comes from. Now and then pages also open in which I am asked to install a media file. I followed your steps and saved the log files, all three. I hope you can help me! |
15.08.2013, 07:52 | #2 | |
/// the machine /// TB instructor | Virus - DKB account spied on - Entrusted Toolbar hi,
__________________This is how it works: Post in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
15.08.2013, 10:27 | #3 |
| Virus - DKB account spied on - Entrusted Toolbar
__________________FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01 Ran by Dogan (administrator) on 14-08-2013 22:50:28 Running from C:\Users\Dogan\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Facebook Inc.) C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\mcuihost.exe () C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor) HKLM\...\Run: [BtPreLoad] - "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x] HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864528 2012-08-20] (ELAN Microelectronics Corp.) HKLM-x32\...\Runonce: [Del2392484] - cmd.exe /Q /D /c del "C:\Users\Dogan\AppData\Local\Temp\0.del" [x] HKCU\...\Run: [Spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-09-26] () HKCU\...\Run: [Facebook Update] - C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-24] (Facebook Inc.) HKCU\...\Run: [NTRedirect] - C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\NTRedirect.dll [127472 2013-08-04] () <===== ATTENTION HKCU\...\Runonce: [Del2392484] - cmd.exe /Q /D /c del "C:\Users\Dogan\AppData\Local\Temp\0.del" [x] MountPoints2: {a7b55ff9-fbcf-11e2-be86-689423302c16} - "F:\SETUP.EXE" HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] - [x] HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated) AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974 SearchScopes: HKLM - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: 
HKLM-x32 - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974 SearchScopes: HKCU - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
BHO-x32: LyricXeeker - {13335f44-0a13-4f05-ac0e-50c6fed838ea} - C:\Program Files (x86)\LyriXeeker\126.dll (LyricXeeker) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Dogan\AppData\Local\TopArcadeHits\Toparcadehits.dll () BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974 CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974" CHR DefaultSearchURL: (Conduit) - hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN73790641515421263&ctid=CT3281675&UM=2 CHR DefaultSuggestURL: (Conduit) - hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN73790641515421263&UM=2 CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () CHR Extension: (Delta Toolbar) - C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0 CHR Extension: (LyricXeeker) - C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci\1.126_0 CHR Extension: () - C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0 CHR Extension: (entrusted) - C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.16.100.504_0 CHR Extension: (Gmail) - C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Dogan\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\126.crx CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Dogan\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx ==================== Services (Whitelisted) ================= S2 0005281376503724mcinstcleanup; C:\Users\Dogan\AppData\Local\Temp\000528~1.EXE 
[833616 2013-01-30] (McAfee, Inc.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] () R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated) S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-26] (Dritek System INC.) 
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) S4 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [x] S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [x] S2 mfevtp; "C:\windows\system32\mfevtps.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-05] (DT Soft Ltd) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-26] (Dritek System Inc.) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.) 
S0 cfwids; system32\drivers\cfwids.sys [x] S0 mfeapfk; system32\drivers\mfeapfk.sys [x] R0 mfeavfk; system32\drivers\mfeavfk.sys [x] U3 mfeavfk01; No ImagePath S0 mfeelamk; system32\drivers\mfeelamk.sys [x] S0 mfefirek; system32\drivers\mfefirek.sys [x] R0 mfehidk; system32\drivers\mfehidk.sys [x] S0 mferkdet; system32\drivers\mferkdet.sys [x] R0 mfewfpk; system32\drivers\mfewfpk.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST 2013-08-14 22:49 - 2013-08-14 22:49 - 01575570 _____ (Farbar) C:\Users\Dogan\Downloads\FRST64.exe 2013-08-14 22:49 - 2013-08-14 22:49 - 00000542 _____ C:\Users\Dogan\Downloads\defogger_disable.log 2013-08-14 22:49 - 2013-08-14 22:49 - 00000168 _____ C:\Users\Dogan\defogger_reenable 2013-08-14 22:48 - 2013-08-14 22:48 - 00050477 _____ C:\Users\Dogan\Downloads\Defogger.exe 2013-08-14 20:16 - 2013-08-14 20:16 - 00003434 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-14 20:16 - 2013-08-14 20:16 - 00003382 _____ C:\Windows\System32\Tasks\EPUpdater 2013-08-14 20:16 - 2013-08-14 20:16 - 00003112 _____ C:\Windows\System32\Tasks\TopArcadeHits 2013-08-14 20:16 - 2013-08-14 20:16 - 00000276 _____ C:\Windows\Tasks\TopArcadeHits.job 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Yahoo! 
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Mozilla 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\BabSolution 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Local\TopArcadeHits 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-08-14 20:15 - 2013-08-14 20:15 - 00714352 _____ C:\Users\Dogan\Downloads\ZipOpenerSetup.exe 2013-08-14 20:15 - 2013-08-14 20:15 - 00002636 _____ C:\Windows\System32\Tasks\DSite 2013-08-14 20:15 - 2013-08-14 20:15 - 00001118 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-08-14 20:15 - 2013-08-14 20:15 - 00000390 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-08-14 20:15 - 2013-08-14 20:15 - 00000298 _____ C:\Windows\Tasks\DSite.job 2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DSite 2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Babylon 2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\ProgramData\Babylon 2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Program Files (x86)\LyriXeeker 2013-08-14 19:40 - 2013-08-14 19:41 - 02092792 _____ C:\Users\Dogan\Downloads\avira_free_antivirus.exe 2013-08-13 07:16 - 2013-08-13 
07:20 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-08-13 07:14 - 2013-08-13 07:14 - 02365840 _____ C:\Users\Dogan\Downloads\SecurityTaskManager_Setup.exe 2013-08-13 07:14 - 2013-08-13 07:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2013-08-13 07:07 - 2013-08-13 07:07 - 00000000 ____D C:\Users\Dogan\Downloads\backups 2013-08-13 07:01 - 2013-08-13 07:07 - 00015833 _____ C:\Users\Dogan\Downloads\hijackthis.log 2013-08-13 07:01 - 2013-08-13 07:01 - 00015922 _____ C:\Users\Dogan\Desktop\hijackthis.log 2013-08-13 06:59 - 2013-08-13 06:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204 (1).exe 2013-08-13 06:57 - 2013-08-13 06:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204.exe 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Windows\PCHEALTH 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-05 21:40 - 2013-08-05 21:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-05 21:39 - 2013-08-05 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-05 21:38 - 2013-08-14 20:01 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Users\Dogan\AppData\Local\Microsoft Help 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-05 21:37 - 2013-08-05 21:37 - 00000000 __RHD C:\MSOCache 2013-08-05 21:36 - 2013-08-05 21:37 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DAEMON Tools Lite 2013-08-05 21:36 - 2013-08-05 21:36 - 00283200 _____ (DT Soft Ltd) 
C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-08-05 21:36 - 2013-08-05 21:36 - 00001958 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-08-05 21:36 - 2013-08-05 21:36 - 00000009 _____ C:\END 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\OpenCandy 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Local\CRE 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-08-05 21:35 - 2013-08-05 21:37 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2013-08-05 21:34 - 2013-08-05 21:35 - 13901152 _____ (Disc Soft Ltd) C:\Users\Dogan\Downloads\DTLite4471-0333.exe 2013-08-05 20:09 - 2013-08-05 20:25 - 820998144 _____ C:\Users\Dogan\Downloads\OfficeProfessionalPlus_x64_de-de.img 2013-08-05 20:02 - 2013-08-14 19:38 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS 2013-08-05 20:02 - 2013-08-14 19:36 - 00000286 _____ C:\Windows\Tasks\AutoKMS.job 2013-08-05 20:02 - 2013-08-05 21:49 - 00000000 ____D C:\Windows\AutoKMS 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner (2) 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner 2013-08-04 16:42 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2013-08-04 16:42 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2013-08-04 16:42 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2013-08-04 16:42 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-04 16:42 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2013-08-04 16:42 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS 2013-08-04 16:42 - 2013-06-01 
13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-04 16:42 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-08-04 16:42 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-08-04 16:42 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-04 16:42 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-08-04 16:42 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-08-04 16:42 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-08-04 16:42 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-08-04 16:42 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-08-04 16:42 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-08-04 16:42 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-04 16:42 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-04 16:42 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-08-04 16:42 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-08-04 16:42 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-08-04 16:42 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-08-04 16:42 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-08-04 16:42 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-08-04 16:42 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-08-04 16:42 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-08-04 16:42 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-08-04 16:42 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-08-04 16:42 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-08-04 16:42 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-08-04 16:41 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-08-03 02:00 - 2013-08-05 21:48 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-24 23:22 - 2013-07-24 23:22 - 00955256 _____ C:\Users\Dogan\Downloads\[ Kein Betreff ].eml
2013-07-15 10:57 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-15 10:57 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-15 10:56 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-15 10:56 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-15 10:56 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-15 10:56 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-15 10:56 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-15 10:56 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-15 10:56 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-15 10:56 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-15 10:56 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-15 10:56 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-15 10:56 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-15 10:56 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-15 10:56 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-15 10:56 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-15 10:56 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-15 10:56 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-15 10:56 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-15 10:56 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-15 10:56 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-15 10:56 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-15 10:56 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-15 10:56 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-15 10:50 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-07-15 10:46 - 2013-07-15 10:46 - 00000000 ____D C:\Users\Dogan\AppData\Local\Cisco
2013-07-15 10:46 - 2013-07-15 10:46 - 00000000 ____D C:\ProgramData\Cisco
2013-07-15 10:46 - 2013-07-15 10:46 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-15 10:46 - 2012-12-10 15:00 - 00112080 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2013-07-15 10:45 - 2013-07-15 10:45 - 02719064 _____ (Cisco Systems, Inc.) C:\Users\Dogan\Downloads\anyconnect-win-3.0.11042-web-deploy-k9.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-15 10:43 - 2013-07-15 10:43 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-15 10:43 - 2013-07-15 10:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-15 10:43 - 2013-07-15 10:43 - 00000000 ____D C:\ProgramData\Sun
2013-07-15 10:43 - 2013-07-15 10:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-15 10:41 - 2013-07-15 10:41 - 00903080 _____ (Oracle Corporation) C:\Users\Dogan\Downloads\chromeinstall-7u25.exe
2013-07-15 01:27 - 2013-07-15 01:27 - 00440943 _____ C:\Users\Dogan\Downloads\VLDiagnostik1_1_SS13 (1).pptx
2013-07-15 01:27 - 2013-07-15 01:27 - 00158680 _____ C:\Users\Dogan\Downloads\Grundlagen_der_psychologischen_Diagnostik-Neue_Dokumente.zip

==================== One Month Modified Files and Folders =======

2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST
2013-08-14 22:49 - 2013-08-14 22:49 - 01575570 _____ (Farbar) C:\Users\Dogan\Downloads\FRST64.exe
2013-08-14 22:49 - 2013-08-14 22:49 - 00000542 _____ C:\Users\Dogan\Downloads\defogger_disable.log
2013-08-14 22:49 - 2013-08-14 22:49 - 00000168 _____ C:\Users\Dogan\defogger_reenable
2013-08-14 22:49 - 2013-05-26 12:12 - 00000000 ____D C:\Users\Dogan
2013-08-14 22:48 - 2013-08-14 22:48 - 00050477 _____ C:\Users\Dogan\Downloads\Defogger.exe
2013-08-14 22:48 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-14 20:27 - 2013-05-29 16:11 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 20:16 - 2013-08-14 20:16 - 00003434 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-14 20:16 - 2013-08-14 20:16 - 00003382 _____ C:\Windows\System32\Tasks\EPUpdater
2013-08-14 20:16 - 2013-08-14 20:16 - 00003112 _____ C:\Windows\System32\Tasks\TopArcadeHits
2013-08-14 20:16 - 2013-08-14 20:16 - 00000276 _____ C:\Windows\Tasks\TopArcadeHits.job
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Yahoo!
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Mozilla
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\BabSolution
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Local\TopArcadeHits
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-14 20:16 - 2013-05-29 14:53 - 00000000 ____D C:\Users\Dogan\AppData\Local\CrashDumps
2013-08-14 20:15 - 2013-08-14 20:15 - 00714352 _____ C:\Users\Dogan\Downloads\ZipOpenerSetup.exe
2013-08-14 20:15 - 2013-08-14 20:15 - 00002636 _____ C:\Windows\System32\Tasks\DSite
2013-08-14 20:15 - 2013-08-14 20:15 - 00001118 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 20:15 - 2013-08-14 20:15 - 00000390 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-14 20:15 - 2013-08-14 20:15 - 00000298 _____ C:\Windows\Tasks\DSite.job
2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DSite
2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Babylon
2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\ProgramData\Babylon
2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-08-14 20:15 - 2013-08-14 20:15 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-08-14 20:10 - 2012-09-01 22:32 - 00000000 ____D C:\ProgramData\McAfee
2013-08-14 20:10 - 2012-09-01 22:32 - 00000000 ____D C:\Program Files\mcafee
2013-08-14 20:09 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-08-14 20:06 - 2013-05-29 16:11 - 00000000 ____D C:\Users\Dogan\AppData\Local\Google
2013-08-14 20:06 - 2013-05-29 16:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-14 20:01 - 2013-08-05 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 19:58 - 2013-05-28 15:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-08-14 19:41 - 2013-08-14 19:40 - 02092792 _____ C:\Users\Dogan\Downloads\avira_free_antivirus.exe
2013-08-14 19:38 - 2013-08-05 20:02 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-14 19:36 - 2013-08-05 20:02 - 00000286 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-14 19:36 - 2013-05-29 16:11 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 19:36 - 2012-08-03 19:14 - 00022616 _____ C:\Windows\PFRO.log
2013-08-14 19:36 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 07:20 - 2013-08-13 07:16 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-08-13 07:14 - 2013-08-13 07:14 - 02365840 _____ C:\Users\Dogan\Downloads\SecurityTaskManager_Setup.exe
2013-08-13 07:14 - 2013-08-13 07:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-08-13 07:07 - 2013-08-13 07:07 - 00000000 ____D C:\Users\Dogan\Downloads\backups
2013-08-13 07:07 - 2013-08-13 07:01 - 00015833 _____ C:\Users\Dogan\Downloads\hijackthis.log
2013-08-13 07:01 - 2013-08-13 07:01 - 00015922 _____ C:\Users\Dogan\Desktop\hijackthis.log
2013-08-13 06:59 - 2013-08-13 06:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204 (1).exe
2013-08-13 06:59 - 2013-05-26 12:13 - 00000000 ____D C:\Users\Dogan\AppData\Local\VirtualStore
2013-08-13 06:57 - 2013-08-13 06:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204.exe
2013-08-13 06:54 - 2012-09-27 00:28 - 00753134 _____ C:\Windows\system32\perfh007.dat
2013-08-13 06:54 - 2012-09-27 00:28 - 00155826 _____ C:\Windows\system32\perfc007.dat
2013-08-13 06:54 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 06:53 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-08-12 21:06 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-08-12 18:51 - 2013-05-26 12:12 - 01591743 _____ C:\Windows\WindowsUpdate.log
2013-08-11 21:57 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-11 21:52 - 2013-05-29 09:33 - 00167936 ___SH C:\Users\Dogan\Desktop\Thumbs.db
2013-08-11 06:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-05 22:03 - 2013-05-28 15:22 - 00000000 ____D C:\Users\Dogan\AppData\Local\Deployment
2013-08-05 21:49 - 2013-08-05 20:02 - 00000000 ____D C:\Windows\AutoKMS
2013-08-05 21:48 - 2013-08-03 02:00 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-05 21:43 - 2012-09-01 22:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-05 21:42 - 2012-09-26 15:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-05 21:40 - 2013-08-05 21:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-05 21:40 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-05 21:39 - 2013-08-05 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Users\Dogan\AppData\Local\Microsoft Help
2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-05 21:38 - 2012-07-26 09:52 - 00000000 ____D C:\Windows\ShellNew
2013-08-05 21:38 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini
2013-08-05 21:37 - 2013-08-05 21:37 - 00000000 __RHD C:\MSOCache
2013-08-05 21:37 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DAEMON Tools Lite
2013-08-05 21:37 - 2013-08-05 21:35 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-05 21:36 - 2013-08-05 21:36 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-05 21:36 - 2013-08-05 21:36 - 00001958 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-05 21:36 - 2013-08-05 21:36 - 00000009 _____ C:\END
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\OpenCandy
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Local\CRE
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-05 21:35 - 2013-08-05 21:34 - 13901152 _____ (Disc Soft Ltd) C:\Users\Dogan\Downloads\DTLite4471-0333.exe
2013-08-05 20:43 - 2013-06-10 16:24 - 00412672 ___SH C:\Users\Dogan\Downloads\Thumbs.db
2013-08-05 20:30 - 2013-06-10 16:04 - 00000000 ___HD C:\Users\Dogan\Downloads\.picasaoriginals
2013-08-05 20:25 - 2013-08-05 20:09 - 820998144 _____ C:\Users\Dogan\Downloads\OfficeProfessionalPlus_x64_de-de.img
2013-08-05 20:04 - 2013-05-26 15:18 - 00000000 ____D C:\Users\Dogan\Documents\Bluetooth Folder
2013-08-05 20:02 - 2012-07-26 09:21 - 00032484 _____ C:\Windows\setupact.log
2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner (2)
2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner
2013-08-03 02:06 - 2013-05-26 12:12 - 00000000 ____D C:\Users\Dogan\AppData\Local\Packages
2013-08-03 02:01 - 2012-09-01 22:32 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-03 01:58 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-07-31 00:28 - 2013-05-29 16:12 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-28 23:56 - 2013-05-29 10:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-24 23:22 - 2013-07-24 23:22 - 00955256 _____ C:\Users\Dogan\Downloads\[ Kein Betreff ].eml
2013-07-24 01:48 - 2013-05-26 12:21 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4039273427-3422687684-3539813997-1001
2013-07-20 01:36 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-20 01:35 - 2013-05-26 12:18 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Spotify
2013-07-16 00:22 - 2013-05-29 16:11 - 00004092 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 00:22 - 2013-05-29 16:11 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 10:46 - 2013-07-15 10:46 - 00000000 ____D C:\Users\Dogan\AppData\Local\Cisco
2013-07-15 10:46 - 2013-07-15 10:46 - 00000000 ____D C:\ProgramData\Cisco
2013-07-15 10:46 - 2013-07-15 10:46 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-07-15 10:45 - 2013-07-15 10:45 - 02719064 _____ (Cisco Systems, Inc.)
C:\Users\Dogan\Downloads\anyconnect-win-3.0.11042-web-deploy-k9.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-15 10:43 - 2013-07-15 10:43 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-15 10:43 - 2013-07-15 10:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-15 10:43 - 2013-07-15 10:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-15 10:43 - 2013-07-15 10:43 - 00000000 ____D C:\ProgramData\Sun
2013-07-15 10:43 - 2013-07-15 10:43 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-15 10:41 - 2013-07-15 10:41 - 00903080 _____ (Oracle Corporation) C:\Users\Dogan\Downloads\chromeinstall-7u25.exe
2013-07-15 01:27 - 2013-07-15 01:27 - 00440943 _____ C:\Users\Dogan\Downloads\VLDiagnostik1_1_SS13 (1).pptx
2013-07-15 01:27 - 2013-07-15 01:27 - 00158680 _____ C:\Users\Dogan\Downloads\Grundlagen_der_psychologischen_Diagnostik-Neue_Dokumente.zip

Files to move or delete:
====================
C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\NTRedirect.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-11 22:01

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01
Ran by Dogan at 2013-08-14 22:51:11
Running from C:\Users\Dogan\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

clear.fi SDK - Video 2 (x32 Version: 2.1.1925)
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008)
Acer Backup Manager (x32 Version: 4.0.0.0059)
Acer Device Fast-lane (Version: 1.00.3007)
Acer Instant Update Service (Version: 1.00.3013)
Acer Power Management (Version: 7.00.3006)
Acer Recovery Management (Version: 6.00.3011)
Acer Theft Shield (Version: 1.01.3006)
AcerCloud (x32 Version: 2.01.3115)
AcerCloud Docs (x32 Version: 1.00.3201)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Backup Manager v4 (x32 Version: 4.0.0.0059)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
BrowserDefender (x32)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.11042)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.11042)
clear.fi Media (x32 Version: 2.01.3108)
clear.fi Photo (x32 Version: 2.01.3108)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)
Delta Chrome Toolbar (x32)
Dolby Home Theater v4 (x32 Version: 7.2.8000.13)
eBay Worldwide (x32 Version: 2.3.0630)
ExpressCache (Version: 1.0.86)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
Identity Card (x32 Version: 2.00.3004)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Intel(R) Rapid Start Technology (x32 Version: 2.1.0.1002)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Island Tribe (x32 Version: 2.2.0.98)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Launch Manager (x32 Version: 7.0.4)
Live Updater (x32 Version: 2.00.3004)
LyricXeeker (x32)
Magic Academy (x32 Version: 2.2.0.98)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4517.1509)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
MyWinLocker (Version: 4.0.14.35)
MyWinLocker 4 (x32 Version: 4.0.14.35)
MyWinLocker Suite (x32 Version: 4.0.14.24)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509)
Office Addin (x32 Version: 2.01.3200)
Open It! (x32 Version: 1.1.1)
Penguins! (x32 Version: 2.2.0.98)
Picasa 3 (x32 Version: 3.9)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6690)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Security Task Manager 1.8g (x32 Version: 1.8g)
Shared C Run-time for x64 (Version: 10.0.0)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Sleep Memory Optimizer (Version: 1.01.3000)
Smart Timer (x32 Version: 1.00.3007)
Spotify (x32 Version: 0.8.4.99.ga249b5f1)
Tales of Lagoona (x32 Version: 2.2.0.110)
TopArcadeHits (HKCU)
Update for Zip Opener (HKCU)
Update Installer for WildTangent Games App (x32)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)
Ware PS/2-X64 11.6.6.002_WHQL (Version: 11.6.6.002)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.9.3)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Zip Opener Packages (HKCU)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

28-07-2013 21:55:00 Windows Update
02-08-2013 23:56:56 Windows Update
05-08-2013 18:31:56 Microsoft Office Shared MUI (German) 2013 wird installiert
11-08-2013 04:08:52 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {022D51F2-FB81-442E-89A1-776587FA1759} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {0B904F64-E264-4375-B507-7737FAF9B802} - System32\Tasks\TopArcadeHits => C:\Users\Dogan\AppData\Local\TopArcadeHits\updater.exe [2013-08-14] ()
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {11C8A6BB-D07D-481B-BA46-8FCD494FF068} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {16BE4442-8E14-4A1F-A735-F1BD9BCA2B55} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {211E8190-4806-4183-8DE2-515982FC18EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29] (Google Inc.)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {4BEFEC32-E8B0-4F16-944A-DB596E3B30B5} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated) Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and 
Play\Device Install Reboot Required Task: {5D7E1113-995D-46B0-BAE4-D500B7BAA695} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {65735B5B-2830-45BA-BDB5-0C486D7B786C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {6606C5A8-BA5E-41DB-A276-54B59821E020} - System32\Tasks\EPUpdater => C:\Users\Dogan\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] () Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {70FC0B1B-17C9-44CF-BBC9-329986FF43D6} - System32\Tasks\DSite => C:\Users\Dogan\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-08-14] () Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7B27F501-25CB-450E-B3E4-F2ADDABEEE7D} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {89744D80-0790-4EC7-AF0A-48BA6B50915A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - 
System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {99C60366-522E-4ED0-A0FC-DDE0171432FC} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated) Task: {A01219C0-0502-4B47-B2F5-B7A354F3FB77} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AE791701-D72F-4A0B-9568-1B9C7EC2CE74} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-08-05] () Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AECBD729-C5BC-4115-868E-B8DFD76CE438} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] () Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B79C753C-FE6D-4244-9609-F1680085D9A1} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: 
{C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {C83BBC70-0E2D-4BF7-93B0-94B1E5D1E7BC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation) Task: {CB91D079-CF80-455A-9945-04D76C4C3A70} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4039273427-3422687684-3539813997-500 Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D24BCB68-16F5-4EAF-A75B-0AA830369D28} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-08-14] (Microsoft Corporation) Task: {D64BBF8C-1679-42D9-9572-1126B5619803} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated) Task: {D83136C9-F572-497E-9331-1B4926EC5BE7} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.) Task: {D8C55F2A-9E27-404E-82BD-83BE82B698A3} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] () Task: {D98A6124-692A-45B8-95C5-68FEB1F2A9BB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.) 
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E20DDC34-6A93-4D9F-BDBE-9D571F9C4CB7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {EE95979E-9F2C-46D1-A5A4-A468DB35927D} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4039273427-3422687684-3539813997-1001
Task: {F825629A-C0DB-4DFD-ACE2-93F005D24D48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC62B149-E9AC-4606-BF3E-947C5DCBC883} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29] (Google Inc.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Dogan\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4039273427-3422687684-3539813997-1001Core.job => C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Dogan\AppData\Local\TopArcadeHits\updater.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================= Application errors: ================== Error: (08/14/2013 10:45:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1188 Error: (08/14/2013 10:45:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1188 Error: (08/14/2013 10:45:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/14/2013 08:16:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50109e4e Name des fehlerhaften Moduls: BrowserDefender.dll, Version: 2.6.1519.190, Zeitstempel: 0x51f24af7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00178d49 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0 Pfad der fehlerhaften Anwendung: rundll32.exe1 Pfad des fehlerhaften Moduls: rundll32.exe2 Berichtskennung: rundll32.exe3 Vollständiger Name des fehlerhaften Pakets: rundll32.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe5 Error: (08/14/2013 08:16:12 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50109e4e Name des fehlerhaften Moduls: BrowserDefender.dll, Version: 2.6.1519.190, Zeitstempel: 0x51f24af7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00178d49 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0 Pfad der fehlerhaften Anwendung: rundll32.exe1 Pfad des fehlerhaften Moduls: rundll32.exe2 Berichtskennung: rundll32.exe3 Vollständiger Name des fehlerhaften Pakets: rundll32.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe5 Error: (08/14/2013 03:35:10 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (08/14/2013 03:33:14 AM) (Source: 
Office 2013 Licensing Service) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (08/13/2013 05:39:05 PM) (Source: Application Hang) (User: ) Description: Programm taskman.exe, Version 1.8.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 195c Startzeit: 01ce983b26db638e Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Security Task Manager\taskman.exe Berichts-ID: 728c7a90-042e-11e3-be89-689423302c16 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/13/2013 07:32:19 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2578 Error: (08/13/2013 07:32:19 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2578 System errors: ============= Error: (08/14/2013 07:36:17 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 14.08.2013 um 06:53:52 unerwartet heruntergefahren. Error: (08/12/2013 09:04:10 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 12.08.2013 um 19:41:42 unerwartet heruntergefahren. Error: (08/12/2013 07:06:11 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FIX87", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{32A528D0-343E-40F1-AC1A-6CC8585D9EF0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (08/12/2013 07:06:01 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FIX87", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{32A528D0-343E-40F1-AC1A-6CC8585D9EF0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (08/05/2013 09:46:47 PM) (Source: DCOM) (User: DOGAN) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (08/05/2013 08:22:46 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ILHAN-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{32A528D0-343E-40F1-AC1A-6CC8585D9EF0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (08/03/2013 01:59:41 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst mfevtp erreicht. Error: (08/03/2013 01:57:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f082f fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2822241) Error: (07/31/2013 03:01:16 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{32A528D0-343E-40F1-AC1A-6CC8585D9EF0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/31/2013 00:12:59 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{32A528D0-343E-40F1-AC1A-6CC8585D9EF0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Microsoft Office Sessions: ========================= Error: (08/14/2013 10:45:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1188 Error: (08/14/2013 10:45:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1188 Error: (08/14/2013 10:45:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/14/2013 08:16:13 PM) (Source: Application Error)(User: ) Description: rundll32.exe6.2.9200.1638450109e4eBrowserDefender.dll2.6.1519.19051f24af7c000000500178d49b6801ce991a55272043C:\Windows\SysWOW64\rundll32.exeC:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll99bcd36f-050d-11e3-be8a-689423302c16 Error: (08/14/2013 08:16:12 PM) (Source: Application Error)(User: ) Description: rundll32.exe6.2.9200.1638450109e4eBrowserDefender.dll2.6.1519.19051f24af7c000000500178d49b6801ce991a55272043C:\Windows\SysWOW64\rundll32.exeC:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll9918503c-050d-11e3-be8a-689423302c16 Error: (08/14/2013 03:35:10 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (08/14/2013 03:33:14 AM) (Source: Office 2013 Licensing Service)(User: ) Description: Subscription licensing service failed: -1073415161 Error: (08/13/2013 05:39:05 PM) (Source: Application Hang)(User: ) Description: taskman.exe1.8.6.0195c01ce983b26db638e47C:\Program Files (x86)\Security Task Manager\taskman.exe728c7a90-042e-11e3-be89-689423302c16 Error: (08/13/2013 07:32:19 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2578 Error: (08/13/2013 07:32:19 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2578 ==================== Memory info =========================== Percentage of memory in use: 73% 
Total physical RAM: 3911.27 MB
Available physical RAM: 1045.2 MB
Total Pagefile: 5511.27 MB
Available Pagefile: 2311.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.25 GB) (Free:365.55 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 16DEC2BE)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 19 GB) (Disk ID: D49C17B0)
Partition: GPT Partition Type

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-14 23:02:02 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Dogan\AppData\Local\Temp\pgtoapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[1028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa11051532 4 bytes [05, 11, FA, 07] .text C:\Windows\system32\dwm.exe[1028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa1105153a 4 bytes [05, 11, FA, 07] .text C:\Windows\system32\dwm.exe[1028] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa1105165a 4 bytes [05, 11, FA, 07] .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1112] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa2265177a 4 bytes [65, 22, FA, 07] .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1112] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa22651782 4 bytes [65, 22, FA, 07] .text C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe[536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa2265177a 4 bytes [65, 22, FA, 07] .text C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe[536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa22651782 4 bytes [65, 22, FA, 07] .text C:\Windows\system32\taskhostex.exe[3096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa11051532 4 bytes [05, 11, FA, 07] .text C:\Windows\system32\taskhostex.exe[3096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa1105153a 4 bytes [05, 11, FA, 07] .text C:\Windows\system32\taskhostex.exe[3096] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa1105165a 4 bytes [05, 11, FA, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [612:636] fffff960009345e8 Thread 
C:\Windows\System32\svchost.exe [984:1308] 000007fa204497dc Thread C:\Windows\System32\svchost.exe [984:1316] 000007fa1d43c0f0 Thread C:\Windows\System32\svchost.exe [984:1332] 000007fa1c99ba00 Thread C:\Windows\System32\svchost.exe [984:1336] 000007fa1d47c138 Thread C:\Windows\System32\svchost.exe [984:4088] 000007fa17f6d594 Thread C:\Windows\System32\svchost.exe [984:4788] 000007fa17f64150 Thread C:\Windows\system32\svchost.exe [1256:1588] 000007fa1c2c7a10 Thread C:\Windows\system32\svchost.exe [1256:2064] 000007fa1b6dadf0 Thread C:\Windows\system32\svchost.exe [1256:4316] 000007fa1b585c38 Thread C:\Windows\system32\svchost.exe [1256:2456] 000007fa192d77b0 Thread C:\Windows\system32\svchost.exe [1256:2436] 000007fa192d77b0 Thread C:\Windows\system32\svchost.exe [1472:1496] 000007fa21253c90 Thread C:\Windows\system32\svchost.exe [1472:1500] 000007fa21253c90 Thread C:\Windows\system32\svchost.exe [1472:1552] 000007fa21253c90 Thread C:\Windows\system32\svchost.exe [1472:1560] 000007fa1c31c4f0 Thread C:\Windows\system32\svchost.exe [1472:1580] 000007fa1c334e10 Thread C:\Windows\system32\svchost.exe [1472:1592] 000007fa1c328810 Thread C:\Windows\system32\svchost.exe [1472:1600] 000007fa1c345170 Thread C:\Windows\system32\svchost.exe [1472:1604] 000007fa1c3284a0 Thread C:\Windows\system32\svchost.exe [1472:2028] 000007fa1bb731a0 Thread C:\Windows\system32\svchost.exe [1472:2764] 000007fa1bb79c68 Thread C:\Windows\system32\svchost.exe [1472:1104] 000007fa192624e8 Thread C:\Windows\system32\svchost.exe [1472:1352] 000007fa19201544 Thread C:\Windows\system32\svchost.exe [1472:1944] 000007fa191e55dc Thread C:\Windows\system32\svchost.exe [1472:3284] 000007fa18f84910 Thread C:\Windows\system32\dashost.exe [2016:4320] 000007fa1b585c38 Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3464] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3468] 000007fa19c34ddc Thread C:\Program Files\Microsoft 
Office 15\ClientX64\integratedoffice.exe [2088:3472] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3476] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3480] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3484] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3488] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3492] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3496] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3500] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3504] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3508] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3512] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3516] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3520] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3524] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3528] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3532] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3536] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3540] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3544] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 
15\ClientX64\integratedoffice.exe [2088:3548] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3552] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3556] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3560] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3564] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3568] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3572] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3576] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3580] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3584] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3588] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3592] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3596] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3600] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3604] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3608] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3612] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3616] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3620] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 
15\ClientX64\integratedoffice.exe [2088:3624] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3628] 000007fa19c34ddc Thread C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2088:3632] 000007fa19c36070 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3220:3936] 000007fa192d77b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3220:4680] 000007fa245ac648 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3220:5560] 000007fa217b5990 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3220:168] 000007fa192d77b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3220:3444] 000007fa20051b78 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3220:1972] 000007fa22161c70 Thread C:\Windows\SysWOW64\rundll32.exe [5312:5320] 0000000073f0443d Thread C:\Windows\SYSTEM32\ntdll.dll [5752:4184] 000000000040add1 Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2812:4656] 0000000077224f62 Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2812:2120] 000000006e7797fe Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3168:1652] 0000000077224f62 Thread C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [3168:5448] 000000006e7797fe ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
15.08.2013, 10:29 | #4 |
| Virus - DKB account spied on - Entrusted Toolbar
Code:
ATTFilter ComboFix 13-08-14.02 - Dogan 15.08.2013 10:48:52.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.3911.2037 [GMT 2:00] ausgeführt von:: c:\users\Dogan\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Dogan\AppData\Local\assembly\tmp c:\users\Dogan\AppData\Local\TopArcadeHits c:\users\Dogan\AppData\Local\TopArcadeHits\tah.config c:\users\Dogan\AppData\Local\TopArcadeHits\Toparcadehits.dll c:\users\Dogan\AppData\Local\TopArcadeHits\uninstaller.exe c:\users\Dogan\AppData\Local\TopArcadeHits\updater.exe c:\windows\Tasks\TopArcadeHits.job c:\windows\Temp\log.txt . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-15 bis 2013-08-15 )))))))))))))))))))))))))))))) . . 2013-08-15 00:58 . 2013-08-15 00:58 -------- d-----w- c:\users\Dogan\AppData\Roaming\Avira 2013-08-15 00:54 . 2013-08-15 00:54 -------- d-----w- c:\programdata\AskPartnerNetwork 2013-08-15 00:54 . 2013-08-15 00:54 -------- d-----w- c:\program files (x86)\AskPartnerNetwork 2013-08-15 00:53 . 2013-08-15 00:53 -------- d-----w- c:\programdata\APN 2013-08-15 00:53 . 2013-08-15 00:52 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-08-15 00:53 . 2013-08-15 00:52 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-15 00:53 . 2013-08-15 00:52 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-15 00:53 . 2013-08-15 00:52 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-15 00:53 . 
2013-08-15 00:53 -------- d-----w- c:\programdata\Avira 2013-08-15 00:53 . 2013-08-15 00:53 -------- d-----w- c:\program files (x86)\Avira 2013-08-14 20:50 . 2013-08-14 20:50 -------- d-----w- C:\FRST 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\windows\SysWow64\Extensions 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\programdata\Yahoo! 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\programdata\Yahoo! Companion 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\users\Dogan\AppData\Roaming\Yahoo! 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\program files (x86)\Yahoo! 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\programdata\BrowserDefender 2013-08-14 18:16 . 2013-08-14 18:16 -------- d-----w- c:\users\Dogan\AppData\Roaming\BabSolution 2013-08-14 18:15 . 2013-08-14 18:15 -------- d-----w- c:\users\Dogan\AppData\Roaming\DSite 2013-08-14 18:15 . 2013-08-14 18:15 -------- d-----w- c:\users\Dogan\AppData\Roaming\Babylon 2013-08-14 18:15 . 2013-08-14 18:15 -------- d-----w- c:\programdata\Babylon 2013-08-14 18:15 . 2013-08-14 18:15 -------- d-----w- c:\program files (x86)\OpenIt 2013-08-14 18:15 . 2013-08-14 18:15 -------- d-----w- c:\program files (x86)\LyriXeeker 2013-08-13 05:16 . 2013-08-13 05:20 -------- d-----w- c:\programdata\SecTaskMan 2013-08-13 05:14 . 2013-08-13 05:14 -------- d-----w- c:\program files (x86)\Security Task Manager 2013-08-11 19:52 . 2013-08-11 19:52 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin 2013-08-05 19:42 . 2013-08-05 19:42 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2013-08-05 19:42 . 2013-08-05 19:42 -------- d-----w- c:\windows\PCHEALTH 2013-08-05 19:42 . 
2013-08-05 19:42 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework 2013-08-05 19:42 . 2013-08-05 19:42 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2013-08-05 19:39 . 2013-08-05 19:39 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2013-08-05 19:38 . 2013-08-05 19:38 -------- d-----w- c:\program files\Microsoft Office 2013-08-05 19:38 . 2013-08-05 19:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-08-05 19:38 . 2013-08-05 19:38 -------- d-----w- c:\users\Dogan\AppData\Local\Microsoft Help 2013-08-05 19:38 . 2013-08-14 18:01 -------- d-----w- c:\programdata\Microsoft Help 2013-08-05 19:37 . 2013-08-05 19:37 -------- d-----r- C:\MSOCache 2013-08-05 19:36 . 2013-08-05 19:36 -------- d-----w- c:\users\Dogan\AppData\Local\CRE 2013-08-05 19:36 . 2013-08-05 19:36 -------- d-----w- c:\program files (x86)\Conduit 2013-08-05 19:36 . 2013-08-05 19:36 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-08-05 19:36 . 2013-08-05 19:37 -------- d-----w- c:\users\Dogan\AppData\Roaming\DAEMON Tools Lite 2013-08-05 19:36 . 2013-08-05 19:36 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2013-08-05 19:36 . 2013-08-05 19:36 -------- d-----w- c:\users\Dogan\AppData\Roaming\OpenCandy 2013-08-05 19:35 . 2013-08-05 19:37 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-08-05 18:02 . 2013-08-05 19:49 -------- d-----w- c:\windows\AutoKMS 2013-08-04 19:09 . 2013-08-04 19:09 -------- d-----w- c:\users\Dogan\Neuer Ordner 2013-08-04 19:09 . 2013-08-04 19:09 -------- d-----w- c:\users\Dogan\Neuer Ordner (2) 2013-08-04 14:41 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-08-04 14:38 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-08-04 14:38 . 
2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-14 17:55 . 2013-05-28 13:31 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-07-28 21:56 . 2013-05-29 08:03 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-07-15 08:43 . 2013-07-15 08:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-15 08:43 . 2013-07-15 08:43 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-07-15 08:43 . 2013-07-15 08:43 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 23:43 . 2013-07-15 08:56 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-06-11 23:43 . 2013-07-15 08:56 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-06-11 23:26 . 2013-07-15 08:56 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-06-11 23:26 . 2013-07-15 08:56 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-06-11 23:26 . 2013-07-15 08:56 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-06-11 23:25 . 2013-07-15 08:56 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-06-11 23:25 . 2013-07-15 08:56 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-06-11 23:25 . 2013-07-15 08:56 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-06-11 23:25 . 2013-07-15 08:56 855552 ----a-w- c:\windows\system32\jscript.dll 2013-06-11 23:25 . 2013-07-15 08:56 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-06-11 23:25 . 2013-07-15 08:56 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-06-01 09:25 . 2013-07-15 08:56 496640 ----a-w- c:\windows\SysWow64\qedit.dll 2013-06-01 09:21 . 
2013-07-15 08:56 595968 ----a-w- c:\windows\system32\qedit.dll 2013-05-30 23:24 . 2013-06-16 22:39 1257472 ----a-w- c:\windows\system32\kernel32.dll 2013-05-30 23:14 . 2013-07-15 08:56 4036096 ----a-w- c:\windows\system32\win32k.sys 2013-05-26 14:00 . 2013-05-26 14:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin 2013-05-26 14:00 . 2013-05-26 14:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-05-26 13:12 . 2013-05-26 13:12 598780 ----a-w- c:\windows\system32\igvpkrng700.bin 2013-05-26 13:12 . 2013-05-26 13:12 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2013-05-26 13:12 . 2013-05-26 13:12 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll 2013-05-26 13:12 . 2013-05-26 13:12 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll 2013-05-26 13:12 . 2013-05-26 13:12 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll 2013-05-26 13:12 . 2013-05-26 13:12 509984 ----a-w- c:\windows\system32\igfxsrvc.exe 2013-05-26 13:12 . 2013-05-26 13:12 440320 ----a-w- c:\windows\system32\igfxrell.lrc 2013-05-26 13:12 . 2013-05-26 13:12 439808 ----a-w- c:\windows\system32\igfxrfra.lrc 2013-05-26 13:12 . 2013-05-26 13:12 439808 ----a-w- c:\windows\system32\igfxresn.lrc 2013-05-26 13:12 . 2013-05-26 13:12 439296 ----a-w- c:\windows\system32\igfxrrus.lrc 2013-05-26 13:12 . 2013-05-26 13:12 439296 ----a-w- c:\windows\system32\igfxrrom.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrsky.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrptg.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrplk.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrnld.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrita.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc 2013-05-26 13:12 . 
2013-05-26 13:12 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438272 ----a-w- c:\windows\system32\igfxrhun.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438272 ----a-w- c:\windows\system32\igfxrfin.lrc 2013-05-26 13:12 . 2013-05-26 13:12 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437760 ----a-w- c:\windows\system32\igfxrsve.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437760 ----a-w- c:\windows\system32\igfxrslv.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437760 ----a-w- c:\windows\system32\igfxrptb.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437760 ----a-w- c:\windows\system32\igfxrnor.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437248 ----a-w- c:\windows\system32\igfxrtha.lrc 2013-05-26 13:12 . 2013-05-26 13:12 437248 ----a-w- c:\windows\system32\igfxrdan.lrc 2013-05-26 13:12 . 2013-05-26 13:12 435712 ----a-w- c:\windows\system32\igfxrheb.lrc 2013-05-26 13:12 . 2013-05-26 13:12 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc 2013-05-26 13:12 . 2013-05-26 13:12 431104 ----a-w- c:\windows\system32\igfxrkor.lrc 2013-05-26 13:12 . 2013-05-26 13:12 429056 ----a-w- c:\windows\system32\igfxrcht.lrc 2013-05-26 13:12 . 2013-05-26 13:12 428544 ----a-w- c:\windows\system32\igfxrchs.lrc 2013-05-26 13:12 . 2013-05-26 13:12 410624 ----a-w- c:\windows\system32\igfxTMM.dll 2013-05-26 13:12 . 2013-05-26 13:12 286208 ----a-w- c:\windows\system32\igfxrenu.lrc 2013-05-26 13:12 . 2013-05-26 13:12 171040 ----a-w- c:\windows\system32\igfxtray.exe 2013-05-26 13:12 . 2013-05-26 13:12 435712 ----a-w- c:\windows\system32\igfxrara.lrc 2013-05-26 13:12 . 2012-09-26 22:12 9007616 ----a-w- c:\windows\system32\igfxress.dll 2013-05-26 13:12 . 2012-09-26 22:12 63488 ----a-w- c:\windows\system32\igfxsrvc.dll 2013-05-26 13:12 . 2013-05-26 13:12 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2013-05-26 13:12 . 
2013-05-26 13:12 441888 ----a-w- c:\windows\system32\igfxpers.exe 2013-05-26 13:12 . 2013-05-26 13:12 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2013-05-26 13:12 . 2013-05-26 13:12 252448 ----a-w- c:\windows\system32\igfxext.exe 2013-05-26 13:12 . 2013-05-26 13:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2013-05-26 13:12 . 2013-05-26 13:12 142336 ----a-w- c:\windows\system32\igfxdo.dll 2013-05-26 13:12 . 2013-05-26 13:12 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2013-05-26 13:12 . 2012-09-26 22:12 441856 ----a-w- c:\windows\system32\igfxdev.dll 2013-05-26 13:12 . 2012-09-26 22:12 386048 ----a-w- c:\windows\system32\igfxpph.dll 2013-05-26 13:12 . 2012-09-26 22:12 28672 ----a-w- c:\windows\system32\igfxexps.dll 2013-05-26 13:12 . 2013-05-26 13:12 27664896 ----a-w- c:\windows\system32\igdrcl64.dll 2013-05-26 13:12 . 2013-05-26 13:12 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll 2013-05-26 13:12 . 2013-05-26 13:12 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll 2013-05-26 13:12 . 2012-09-26 22:12 12604416 ----a-w- c:\windows\system32\igdumd64.dll 2013-05-26 13:12 . 2013-05-26 13:12 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2013-05-26 13:12 . 2013-05-26 13:12 27438080 ----a-w- c:\windows\system32\igdfcl64.dll 2013-05-26 13:12 . 2013-05-26 13:12 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll 2013-05-26 13:12 . 2013-05-26 13:12 80384 ----a-w- c:\windows\system32\igdde64.dll 2013-05-26 13:12 . 2013-05-26 13:12 64512 ----a-w- c:\windows\SysWow64\igdde32.dll 2013-05-26 13:12 . 2013-05-26 13:12 3582976 ----a-w- c:\windows\system32\igdbcl64.dll 2013-05-26 13:12 . 2013-05-26 13:12 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll 2013-05-26 13:12 . 2013-05-26 13:12 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2013-05-26 13:12 . 2012-07-25 20:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll 2013-05-26 13:12 . 2013-05-26 13:12 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll 2013-05-26 13:12 . 
2013-05-26 13:12 755048 ----a-w- c:\windows\system32\igcodeckrng700.bin 2013-05-26 13:12 . 2013-05-26 13:12 399392 ----a-w- c:\windows\system32\hkcmd.exe 2013-05-26 13:12 . 2013-05-26 13:12 11595776 ----a-w- c:\windows\system32\ig7icd64.dll 2013-05-26 13:12 . 2012-09-26 22:12 110592 ----a-w- c:\windows\system32\hccutils.dll 2013-05-26 13:12 . 2013-05-26 13:12 5903392 ----a-w- c:\windows\system32\GfxUI.exe 2013-05-26 13:12 . 2013-05-26 13:12 185376 ----a-w- c:\windows\system32\difx64.exe 2013-05-26 13:12 . 2013-05-26 13:12 173568 ----a-w- c:\windows\system32\gfxSrvc.dll 2013-05-26 10:12 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-23 23:01 . 2013-06-16 22:37 1300992 ----a-w- c:\windows\system32\gdi32.dll 2013-05-23 22:27 . 2013-06-16 22:37 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{13335f44-0a13-4f05-ac0e-50c6fed838ea}] 2013-08-13 18:45 135168 ----a-w- c:\program files (x86)\LyriXeeker\126.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] 2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240] . [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-05-28 13:44 222712 ----a-w- c:\users\Dogan\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-05-28 13:44 222712 ----a-w- c:\users\Dogan\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-05-28 13:44 222712 ----a-w- c:\users\Dogan\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-09-26 1193176] "Facebook Update"="c:\users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-06-24 138096] "NTRedirect"="c:\users\Dogan\AppData\Roaming\BabSolution\Shared\NTRedirect.dll" [2013-08-04 127472] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2012-04-23 508256] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-10 527864] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-15 345144] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ Acer Backup Manager Tray.lnk - c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [2012-8-23 533568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 USecuAppSvc;Acer Theft Shield Service;c:\program files\Acer\Acer Theft Shield\USecuAppSvc.exe;c:\program files\Acer\Acer Theft Shield\USecuAppSvc.exe [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x] S1 excfs;ExpressCache File System Filter 
Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x] S2 FFSOpzSvc;Sleep memory optimizer;c:\program files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe;c:\program files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program 
files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x] S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT 
Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x] S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-30 22:27 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll . Inhalt des "geplante Tasks" Ordners . 2013-08-15 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2013-08-05 18:02] . 
2013-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4039273427-3422687684-3539813997-1001Core.job - c:\users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-24 17:53] . 2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 14:11] . 2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 14:11] . 2013-08-14 c:\windows\Tasks\LyricXeeker Update.job - c:\program files (x86)\LyriXeeker\LyriXupdate.exe [2013-08-13 18:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-05-28 13:44 261624 ----a-w- c:\users\Dogan\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-05-28 13:44 261624 ----a-w- c:\users\Dogan\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-05-28 13:44 261624 ----a-w- c:\users\Dogan\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-08-14 17:57 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-08-14 17:57 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-08-14 17:57 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-31 12936848] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-07-31 1214608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-26 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-26 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-26 441888] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\Dogan\AppData\Local\TopArcadeHits\Toparcadehits.dll Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-LManager - (no file) Toolbar-Locked - (no file) HKLM-Run-BtPreLoad - c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Dogan\AppData\Local\TopArcadeHits\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Launch Manager\LMutilps32.exe c:\program files (x86)\Launch Manager\LManager.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe c:\program files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-08-15 11:18:42 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-08-15 09:18 . Vor Suchlauf: 8 Verzeichnis(se), 403.645.149.184 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 402.769.977.344 Bytes frei . - - End Of File - - 6C0822AFF86778DF540F935E449CCB7C D41D8CD98F00B204E9800998ECF8427E |
15.08.2013, 14:33 | #5 |
/// the machine /// TB-Ausbilder | Virus - DKB account spied on - Entrusted Toolbar Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
15.08.2013, 20:25 | #6 |
| Virus - DKB account spied on - Entrusted Toolbar
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.15.05 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16635 Dogan :: DOGAN [Administrator] Schutz: Aktiviert 15.08.2013 20:40:14 mbam-log-2013-08-15 (20-40-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221008 Laufzeit: 6 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 7 HKCR\CLSID\{13335f44-0a13-4f05-ac0e-50c6fed838ea} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{a440b88c-707b-4559-96e0-a9e9e389c50b} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{28A5F5A8-A4E2-4D3E-96E5-2D05582AA4E8} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13335F44-0A13-4F05-AC0E-50C6FED838EA} (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyrix@lyrixeeker.co (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.Babylon.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\PROGRA~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 10 C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Dogan\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Löschen bei Neustart. C:\Users\Dogan\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Löschen bei Neustart. Infizierte Dateien: 45 C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\OpenCandy\C8E6D7E303804BD9A1D345B9A340D81A\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\chrome.manifest (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\01.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\LyriXeeker\01.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\126.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\126.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\126.dll (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\126.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\crx.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\sqlite3.dll (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\Uninstall.exe (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\LyriXeeker\xpi.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dogan\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
# AdwCleaner v2.306 - Datei am 15/08/2013 um 21:03:01 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Dogan - DOGAN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dogan\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : APNMCP

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Gelöscht mit Neustart : C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Ordner Gelöscht : C:\Users\Dogan\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\Dogan\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Dogan\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Dogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Dogan\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\524d688b268ef10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\524d688b268ef10
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Dogan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.32] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.35] : keyword = "delta-search.com",
Gelöscht [l.39] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=928A689423302[...]
Gelöscht [l.2204] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A689423302C16&affID=119351&tt=1[...]
Gelöscht [l.2708] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=928A6894233[...]

*************************

AdwCleaner[S1].txt - [4538 octets] - [15/08/2013 21:03:01]

########## EOF - C:\AdwCleaner[S1].txt - [4598 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 8 x64
Ran by Dogan on 15.08.2013 at 21:14:59,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dogan\appdata\local\cre"

~~~ Chrome

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.08.2013 at 21:18:24,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Dogan (administrator) on 15-08-2013 21:20:00
Running from C:\Users\Dogan\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Facebook Inc.) C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] - "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x]
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864528 2012-08-20] (ELAN Microelectronics Corp.)
HKCU\...\Run: [Spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-09-26] ()
HKCU\...\Run: [Facebook Update] - C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-24] (Facebook Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-15] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Dogan\AppData\Local\TopArcadeHits\Toparcadehits.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Dogan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: No Name - C:\Users\Dogan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\126.xpi

Chrome:
=======
CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dogan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\126.crx

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-08-15] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-26] (Dritek System INC.)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83672 2013-08-15] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-05] (DT Soft Ltd)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-26] (Dritek System Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\ERUNT
2013-08-15 21:11 - 2013-08-15 21:11 - 01159319 _____ (Thisisu) C:\Users\Dogan\Downloads\JRT.exe
2013-08-15 21:03 - 2013-08-15 21:03 - 00004663 _____ C:\AdwCleaner[S1].txt
2013-08-15 21:03 - 2013-08-15 21:03 - 00000172 _____ C:\Windows\DeleteOnReboot.bat
2013-08-15 21:01 - 2013-08-15 21:01 - 00666633 _____ C:\Users\Dogan\Downloads\adwcleaner.exe
2013-08-15 20:52 - 2013-08-15 21:06 - 00001096 _____ C:\Windows\SysWOW64\bufferpool.txt
2013-08-15 20:34 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Malwarebytes
2013-08-15 20:33 - 2013-08-15 20:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-15 20:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-15 20:32 - 2013-08-15 20:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dogan\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-15 11:18 - 2013-08-15 11:18 - 00034007 _____ C:\ComboFix.txt
2013-08-15 11:04 - 2013-08-15 11:04 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-15 10:45 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-15 10:45 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-15 10:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-15 10:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-15 10:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-15 10:45 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-08-15 10:45 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-15 10:45 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-15 10:45 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-15 10:28 - 2013-08-15 11:19 - 00000000 ____D C:\Qoobox
2013-08-15 10:27 - 2013-08-15 11:15 - 00000000 ____D C:\Windows\erdnt
2013-08-15 10:27 - 2013-08-15 10:27 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (2).exe
2013-08-15 10:25 - 2013-08-15 10:26 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (1).exe
2013-08-15 10:25 - 2013-08-15 10:25 - 05104931 ____R (Swearware) C:\Users\Dogan\Downloads\ComboFix.exe
2013-08-15 03:15 - 2013-08-15 03:15 - 00000053 _____ C:\Users\Dogan\AppData\Roaming\WB.CFG
2013-08-15 02:58 - 2013-08-15 02:58 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Avira
2013-08-15 02:53 - 2013-08-15 02:53 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\ProgramData\Avira
2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-15 02:53 - 2013-08-15 02:52 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-15 02:53 - 2013-08-15 02:52 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-15 02:53 - 2013-08-15 02:52 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-15 02:53 - 2013-08-15 02:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-14 23:01 - 2013-08-14 23:01 - 00016848 _____ C:\Users\Dogan\Downloads\Gmer..log
2013-08-14 22:58 - 2013-08-14 22:58 - 00377856 _____ C:\Users\Dogan\Downloads\gmer_2.1.19163.exe
2013-08-14 22:51 - 2013-08-14 22:51 - 00027884 _____ C:\Users\Dogan\Downloads\Addition.txt
2013-08-14 22:50 - 2013-08-15 21:19 - 00000000 ____D C:\Users\Dogan\Desktop\Virus
2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST
2013-08-14 22:49 - 2013-08-14 22:49 - 01575570 _____ (Farbar) C:\Users\Dogan\Downloads\FRST64.exe
2013-08-14 22:49 - 2013-08-14 22:49 - 00000542 _____ C:\Users\Dogan\Downloads\defogger_disable.log
2013-08-14 22:49 - 2013-08-14 22:49 - 00000168 _____ C:\Users\Dogan\defogger_reenable
2013-08-14 22:48 - 2013-08-14 22:48 - 00050477 _____ C:\Users\Dogan\Downloads\Defogger.exe
2013-08-14 20:16 - 2013-08-15 11:34 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-14 20:16 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-14 20:16 - 2013-08-15 02:54 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Mozilla
2013-08-14 20:16 - 2013-08-14 20:16 - 00003382 _____ C:\Windows\System32\Tasks\EPUpdater
2013-08-14 20:16 - 2013-08-14 20:16 - 00003112 _____ C:\Windows\System32\Tasks\TopArcadeHits
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Yahoo!
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-08-14 20:15 - 2013-08-14 20:15 - 00714352 _____ C:\Users\Dogan\Downloads\ZipOpenerSetup.exe
2013-08-14 19:40 - 2013-08-14 19:41 - 02092792 _____ C:\Users\Dogan\Downloads\avira_free_antivirus.exe
2013-08-13 07:16 - 2013-08-13 07:20 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-08-13 07:14 - 2013-08-13 07:14 - 02365840 _____ C:\Users\Dogan\Downloads\SecurityTaskManager_Setup.exe
2013-08-13 07:14 - 2013-08-13 07:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-08-13 07:07 - 2013-08-13 07:07 - 00000000 ____D C:\Users\Dogan\Downloads\backups
2013-08-13 07:01 - 2013-08-13 07:07 - 00015833 _____ C:\Users\Dogan\Downloads\hijackthis.log
2013-08-13 07:01 - 2013-08-13 07:01 - 00015922 _____ C:\Users\Dogan\Desktop\hijackthis.log
2013-08-13 06:59 - 2013-08-13 06:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204 (1).exe
2013-08-13 06:57 - 2013-08-13 06:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204.exe
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Windows\PCHEALTH
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-05 21:40 - 2013-08-05 21:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-05 21:39 - 2013-08-05 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-05 21:38 - 2013-08-14 20:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Users\Dogan\AppData\Local\Microsoft Help
2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-05 21:37 - 2013-08-05 21:37 - 00000000 ___RD C:\MSOCache
2013-08-05 21:36 - 2013-08-05 21:37 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DAEMON Tools Lite
2013-08-05 21:36 - 2013-08-05 21:36 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-08-05 21:36 - 2013-08-05 21:36 - 00001958 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-05 21:35 - 2013-08-05 21:37 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-05 20:09 - 2013-08-05 20:25 - 820998144 _____ C:\Users\Dogan\Downloads\OfficeProfessionalPlus_x64_de-de.img
2013-08-05 20:02 - 2013-08-15 21:08 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-05 20:02 - 2013-08-15 21:08 - 00000286 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-05 20:02 - 2013-08-05 21:49 - 00000000 ____D C:\Windows\AutoKMS
2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner (2)
2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner
2013-08-04 16:42 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-04 16:42 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-04 16:42 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-08-04 16:42 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-04 16:42 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-08-04 16:42 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-08-04 16:42 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-04 16:42 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-08-04 16:42 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-08-04 16:42 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-04 16:42 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-08-04 16:42 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-08-04 16:42 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-08-04 16:42 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-08-04 16:42 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-08-04 16:42 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-08-04 16:42 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-04 16:42 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-04 16:42 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-08-04 16:42 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-08-04 16:42 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-08-04 16:42 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-08-04 16:42 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-08-04 16:42 - 2013-06-01 11:19 - 
00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2013-08-04 16:42 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll 2013-08-04 16:42 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys 2013-08-04 16:42 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2013-08-04 16:42 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2013-08-04 16:42 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2013-08-04 16:42 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2013-08-04 16:42 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml 2013-08-04 16:41 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2013-08-03 02:00 - 2013-08-05 21:48 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-24 23:22 - 2013-07-24 23:22 - 00955256 _____ C:\Users\Dogan\Downloads\[ Kein Betreff ].eml ==================== One Month Modified Files and Folders ======= 2013-08-15 21:19 - 2013-08-14 22:50 - 00000000 ____D C:\Users\Dogan\Desktop\Virus 2013-08-15 21:18 - 2013-08-15 21:18 - 00001795 _____ C:\Users\Dogan\Desktop\JRT.txt 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\ERUNT 2013-08-15 21:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-08-15 21:11 - 2013-08-15 21:11 - 01159319 _____ (Thisisu) C:\Users\Dogan\Downloads\JRT.exe 2013-08-15 21:10 - 2013-05-26 12:12 - 01992073 _____ C:\Windows\WindowsUpdate.log 2013-08-15 21:08 - 2013-08-05 20:02 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS 2013-08-15 21:08 - 2013-08-05 20:02 - 00000286 _____ C:\Windows\Tasks\AutoKMS.job 2013-08-15 21:08 - 2013-05-29 16:11 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-15 21:07 - 2012-07-26 
09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-15 21:06 - 2013-08-15 20:52 - 00001096 _____ C:\Windows\SysWOW64\bufferpool.txt 2013-08-15 21:03 - 2013-08-15 21:03 - 00004663 _____ C:\AdwCleaner[S1].txt 2013-08-15 21:03 - 2013-08-15 21:03 - 00000172 _____ C:\Windows\DeleteOnReboot.bat 2013-08-15 21:01 - 2013-08-15 21:01 - 00666633 _____ C:\Users\Dogan\Downloads\adwcleaner.exe 2013-08-15 20:59 - 2012-09-27 00:28 - 00753134 _____ C:\Windows\system32\perfh007.dat 2013-08-15 20:59 - 2012-09-27 00:28 - 00155826 _____ C:\Windows\system32\perfc007.dat 2013-08-15 20:59 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 20:52 - 2012-08-03 19:14 - 00043436 _____ C:\Windows\PFRO.log 2013-08-15 20:52 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-08-15 20:34 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Malwarebytes 2013-08-15 20:33 - 2013-08-15 20:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-15 20:32 - 2013-08-15 20:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dogan\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-15 20:32 - 2013-06-10 16:24 - 00435200 ___SH C:\Users\Dogan\Downloads\Thumbs.db 2013-08-15 20:27 - 2013-05-29 16:11 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-15 11:34 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! 2013-08-15 11:34 - 2013-08-14 20:16 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2013-08-15 11:19 - 2013-08-15 10:28 - 00000000 ____D C:\Qoobox 2013-08-15 11:19 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default 2013-08-15 11:18 - 2013-08-15 11:18 - 00034007 _____ C:\ComboFix.txt 2013-08-15 11:15 - 2013-08-15 10:27 - 00000000 ____D C:\Windows\erdnt 2013-08-15 11:07 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini 2013-08-15 11:05 - 2012-07-26 07:26 - 81264640 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 14155776 _____ C:\Windows\system32\config\SYSTEM.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-08-15 11:04 - 2013-08-15 11:04 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-15 10:58 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-08-15 10:27 - 2013-08-15 10:27 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (2).exe 2013-08-15 10:26 - 2013-08-15 10:25 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (1).exe 2013-08-15 10:25 - 2013-08-15 10:25 - 05104931 ____R (Swearware) C:\Users\Dogan\Downloads\ComboFix.exe 2013-08-15 03:15 - 2013-08-15 03:15 - 00000053 _____ C:\Users\Dogan\AppData\Roaming\WB.CFG 2013-08-15 02:58 - 2013-08-15 02:58 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Avira 2013-08-15 02:54 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Mozilla 2013-08-15 02:54 - 2013-05-29 14:53 - 00000000 ____D C:\Users\Dogan\AppData\Local\CrashDumps 2013-08-15 02:53 - 2013-08-15 02:53 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-15 02:52 - 2013-08-15 02:53 - 00130016 _____ (Avira Operations GmbH & 
Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-15 02:52 - 2013-08-15 02:53 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-15 02:52 - 2013-08-15 02:53 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-15 02:52 - 2013-08-15 02:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-15 02:51 - 2013-05-26 12:21 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4039273427-3422687684-3539813997-1001 2013-08-15 02:42 - 2013-05-26 15:18 - 00000000 ____D C:\Users\Dogan\Documents\Bluetooth Folder 2013-08-14 23:02 - 2013-06-10 16:26 - 00000000 ___HD C:\Users\Dogan\Desktop\.picasaoriginals 2013-08-14 23:01 - 2013-08-14 23:01 - 00016848 _____ C:\Users\Dogan\Downloads\Gmer..log 2013-08-14 22:58 - 2013-08-14 22:58 - 00377856 _____ C:\Users\Dogan\Downloads\gmer_2.1.19163.exe 2013-08-14 22:55 - 2013-05-29 16:11 - 00000000 ____D C:\Program Files\Google 2013-08-14 22:55 - 2013-05-29 16:11 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-14 22:55 - 2012-09-01 22:32 - 00000000 ____D C:\ProgramData\McAfee 2013-08-14 22:54 - 2013-05-29 09:33 - 00167936 ___SH C:\Users\Dogan\Desktop\Thumbs.db 2013-08-14 22:51 - 2013-08-14 22:51 - 00027884 _____ C:\Users\Dogan\Downloads\Addition.txt 2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST 2013-08-14 22:49 - 2013-08-14 22:49 - 01575570 _____ (Farbar) C:\Users\Dogan\Downloads\FRST64.exe 2013-08-14 22:49 - 2013-08-14 22:49 - 00000542 _____ C:\Users\Dogan\Downloads\defogger_disable.log 2013-08-14 22:49 - 2013-08-14 22:49 - 00000168 _____ C:\Users\Dogan\defogger_reenable 2013-08-14 22:49 - 2013-05-26 12:12 - 00000000 ____D C:\Users\Dogan 2013-08-14 22:48 - 2013-08-14 22:48 - 00050477 _____ C:\Users\Dogan\Downloads\Defogger.exe 2013-08-14 20:16 - 2013-08-14 20:16 - 00003382 _____ C:\Windows\System32\Tasks\EPUpdater 2013-08-14 20:16 - 2013-08-14 20:16 - 
00003112 _____ C:\Windows\System32\Tasks\TopArcadeHits 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Yahoo! 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-08-14 20:15 - 2013-08-14 20:15 - 00714352 _____ C:\Users\Dogan\Downloads\ZipOpenerSetup.exe 2013-08-14 20:09 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP 2013-08-14 20:06 - 2013-05-29 16:11 - 00000000 ____D C:\Users\Dogan\AppData\Local\Google 2013-08-14 20:01 - 2013-08-05 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 19:58 - 2013-05-28 15:19 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-08-14 19:41 - 2013-08-14 19:40 - 02092792 _____ C:\Users\Dogan\Downloads\avira_free_antivirus.exe 2013-08-13 07:20 - 2013-08-13 07:16 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-08-13 07:14 - 2013-08-13 07:14 - 02365840 _____ C:\Users\Dogan\Downloads\SecurityTaskManager_Setup.exe 2013-08-13 07:14 - 2013-08-13 07:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2013-08-13 07:07 - 2013-08-13 07:07 - 00000000 ____D C:\Users\Dogan\Downloads\backups 2013-08-13 07:07 - 2013-08-13 07:01 - 00015833 _____ C:\Users\Dogan\Downloads\hijackthis.log 2013-08-13 07:01 - 2013-08-13 07:01 - 00015922 _____ C:\Users\Dogan\Desktop\hijackthis.log 2013-08-13 06:59 - 2013-08-13 06:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204 (1).exe 2013-08-13 06:59 - 2013-05-26 12:13 - 00000000 ____D C:\Users\Dogan\AppData\Local\VirtualStore 2013-08-13 06:57 - 2013-08-13 06:57 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Dogan\Downloads\HiJackThis204.exe 2013-08-13 06:53 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2013-08-11 06:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-08-05 22:03 - 2013-05-28 15:22 - 00000000 ____D C:\Users\Dogan\AppData\Local\Deployment 2013-08-05 21:49 - 2013-08-05 20:02 - 00000000 ____D C:\Windows\AutoKMS 2013-08-05 21:48 - 2013-08-03 02:00 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-05 21:43 - 2012-09-01 22:34 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Windows\PCHEALTH 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-05 21:42 - 2012-09-26 15:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-05 21:40 - 2013-08-05 21:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-05 21:40 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-08-05 21:39 - 2013-08-05 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Users\Dogan\AppData\Local\Microsoft Help 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-05 21:38 - 2012-07-26 09:52 - 00000000 ____D C:\Windows\ShellNew 2013-08-05 21:38 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini 2013-08-05 21:37 - 2013-08-05 21:37 - 00000000 ___RD C:\MSOCache 2013-08-05 21:37 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DAEMON Tools Lite 2013-08-05 21:37 - 2013-08-05 21:35 - 00000000 ____D 
C:\ProgramData\DAEMON Tools Lite 2013-08-05 21:36 - 2013-08-05 21:36 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-08-05 21:36 - 2013-08-05 21:36 - 00001958 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-08-05 20:30 - 2013-06-10 16:04 - 00000000 ___HD C:\Users\Dogan\Downloads\.picasaoriginals 2013-08-05 20:25 - 2013-08-05 20:09 - 820998144 _____ C:\Users\Dogan\Downloads\OfficeProfessionalPlus_x64_de-de.img 2013-08-05 20:02 - 2012-07-26 09:21 - 00032484 _____ C:\Windows\setupact.log 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner (2) 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner 2013-08-03 02:06 - 2013-05-26 12:12 - 00000000 ____D C:\Users\Dogan\AppData\Local\Packages 2013-08-03 01:58 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-07-31 00:28 - 2013-05-29 16:12 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-28 23:56 - 2013-05-29 10:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-24 23:22 - 2013-07-24 23:22 - 00955256 _____ C:\Users\Dogan\Downloads\[ Kein Betreff ].eml 2013-07-20 01:36 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-20 01:35 - 2013-05-26 12:18 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Spotify 2013-07-16 00:22 - 2013-05-29 16:11 - 00004092 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 00:22 - 2013-05-29 16:11 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-11 22:01
==================== End Of Log ============================
--- --- --- |
15.08.2013, 21:55 | #7 |
/// the machine /// TB-Ausbilder | Virus - DKB account spied on - Entrusted Toolbar
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.08.2013, 08:41 | #8 |
| Virus - DKB account spied on - Entrusted Toolbar
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e0c5d923c522b646afc06ef2b7875e98
# engine=14788
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-16 07:23:39
# local_time=2013-08-16 09:23:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775166 100 94 0 44737 37518 0
# compatibility_mode=5893 16776574 100 94 6962681 36143930 0 0
# scanned=295253
# found=0
# cleaned=0
# scan_time=11989
Code:
ATTFilter
Results of screen317's Security Check version 0.99.72
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Reader XI
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01 Ran by Dogan (administrator) on 16-08-2013 09:34:29 Running from C:\Users\Dogan\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Facebook Inc.) C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor) HKLM\...\Run: [BtPreLoad] - "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [x] HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864528 2012-08-20] (ELAN Microelectronics Corp.) HKCU\...\Run: [Spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-09-26] () HKCU\...\Run: [Facebook Update] - C:\Users\Dogan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-24] (Facebook Inc.) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-15] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated) HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-08-21] (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = SearchScopes: HKCU - {4C6FA4B0-59D7-444A-A008-F5C32E0E4335} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Dogan\AppData\Local\TopArcadeHits\Toparcadehits.dll No File BHO-x32: Office Document Cache Handler 
- {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Dogan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Extension: No Name - C:\Users\Dogan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\126.xpi Chrome: ======= CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=928A689423302C16&affID=119351&tt=110813_YTB&tsp=4974 CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dogan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\126.crx ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-15] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-15] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-08-15] (Avira Operations GmbH & Co. 
KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated) S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-26] (Dritek System INC.) S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-15] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-08-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-08-15] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83672 2013-08-15] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-08-05] (DT Soft Ltd) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-26] (Dritek System Inc.) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-10] (Cisco Systems, Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-16 05:53 - 2013-08-16 05:54 - 02347384 _____ (ESET) C:\Users\Dogan\Downloads\esetsmartinstaller_enu.exe 2013-08-15 21:21 - 2013-08-15 21:21 - 00043989 _____ C:\Users\Dogan\Downloads\FRST2.txt 2013-08-15 21:18 - 2013-08-15 21:18 - 00001795 _____ C:\Users\Dogan\Desktop\JRT.txt 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\ERUNT 2013-08-15 21:11 - 2013-08-15 21:11 - 01159319 _____ (Thisisu) C:\Users\Dogan\Downloads\JRT.exe 2013-08-15 21:03 - 2013-08-15 21:03 - 00004663 _____ C:\AdwCleaner[S1].txt 2013-08-15 21:03 - 2013-08-15 21:03 - 00000172 _____ C:\Windows\DeleteOnReboot.bat 2013-08-15 21:01 - 2013-08-15 21:01 - 00666633 _____ C:\Users\Dogan\Downloads\adwcleaner.exe 2013-08-15 20:52 - 2013-08-15 21:06 - 00001096 _____ C:\Windows\SysWOW64\bufferpool.txt 2013-08-15 20:34 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Malwarebytes 2013-08-15 20:33 - 2013-08-15 20:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-15 20:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-15 20:32 - 2013-08-15 20:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dogan\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-15 11:18 - 2013-08-15 11:18 - 00034007 _____ C:\ComboFix.txt 2013-08-15 11:04 - 2013-08-15 11:04 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-15 10:45 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-15 10:45 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-15 10:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 
2013-08-15 10:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-15 10:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-15 10:45 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2013-08-15 10:45 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-15 10:45 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-15 10:45 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-15 10:28 - 2013-08-15 11:19 - 00000000 ____D C:\Qoobox 2013-08-15 10:27 - 2013-08-15 11:15 - 00000000 ____D C:\Windows\erdnt 2013-08-15 10:27 - 2013-08-15 10:27 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (2).exe 2013-08-15 10:25 - 2013-08-15 10:26 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (1).exe 2013-08-15 10:25 - 2013-08-15 10:25 - 05104931 ____R (Swearware) C:\Users\Dogan\Downloads\ComboFix.exe 2013-08-15 03:15 - 2013-08-15 03:15 - 00000053 _____ C:\Users\Dogan\AppData\Roaming\WB.CFG 2013-08-15 02:58 - 2013-08-15 02:58 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Avira 2013-08-15 02:53 - 2013-08-15 02:53 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-15 02:53 - 2013-08-15 02:52 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-15 02:53 - 2013-08-15 02:52 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-15 02:53 - 2013-08-15 02:52 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-15 02:53 - 2013-08-15 02:52 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-14 23:01 - 2013-08-14 23:01 - 00016848 _____ C:\Users\Dogan\Downloads\Gmer..log 2013-08-14 22:58 - 2013-08-14 22:58 - 00377856 _____ C:\Users\Dogan\Downloads\gmer_2.1.19163.exe 2013-08-14 22:51 - 2013-08-14 22:51 - 00027884 _____ C:\Users\Dogan\Downloads\Addition.txt 2013-08-14 22:50 - 2013-08-16 09:31 - 00000000 ____D C:\Users\Dogan\Desktop\Virus 2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST 2013-08-14 22:49 - 2013-08-14 22:49 - 01575570 _____ (Farbar) C:\Users\Dogan\Downloads\FRST64.exe 2013-08-14 22:49 - 2013-08-14 22:49 - 00000542 _____ C:\Users\Dogan\Downloads\defogger_disable.log 2013-08-14 22:49 - 2013-08-14 22:49 - 00000168 _____ C:\Users\Dogan\defogger_reenable 2013-08-14 22:48 - 2013-08-14 22:48 - 00050477 _____ C:\Users\Dogan\Downloads\Defogger.exe 2013-08-14 20:16 - 2013-08-15 11:34 - 00000000 ____D C:\ProgramData\Yahoo! 2013-08-14 20:16 - 2013-08-15 11:34 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-08-14 20:16 - 2013-08-15 02:54 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Mozilla 2013-08-14 20:16 - 2013-08-14 20:16 - 00003382 _____ C:\Windows\System32\Tasks\EPUpdater 2013-08-14 20:16 - 2013-08-14 20:16 - 00003112 _____ C:\Windows\System32\Tasks\TopArcadeHits 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Yahoo! 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! 
Companion 2013-08-14 20:15 - 2013-08-14 20:15 - 00714352 _____ C:\Users\Dogan\Downloads\ZipOpenerSetup.exe 2013-08-14 19:40 - 2013-08-14 19:41 - 02092792 _____ C:\Users\Dogan\Downloads\avira_free_antivirus.exe 2013-08-13 07:16 - 2013-08-13 07:20 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-08-13 07:14 - 2013-08-13 07:14 - 02365840 _____ C:\Users\Dogan\Downloads\SecurityTaskManager_Setup.exe 2013-08-13 07:14 - 2013-08-13 07:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2013-08-13 07:07 - 2013-08-13 07:07 - 00000000 ____D C:\Users\Dogan\Downloads\backups 2013-08-13 07:01 - 2013-08-13 07:07 - 00015833 _____ C:\Users\Dogan\Downloads\hijackthis.log 2013-08-13 07:01 - 2013-08-13 07:01 - 00015922 _____ C:\Users\Dogan\Desktop\hijackthis.log 2013-08-13 06:59 - 2013-08-13 06:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204 (1).exe 2013-08-13 06:57 - 2013-08-13 06:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204.exe 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Windows\PCHEALTH 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-05 21:40 - 2013-08-05 21:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-05 21:39 - 2013-08-05 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-05 21:38 - 2013-08-14 20:01 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Users\Dogan\AppData\Local\Microsoft Help 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-05 21:37 
- 2013-08-05 21:37 - 00000000 ___RD C:\MSOCache 2013-08-05 21:36 - 2013-08-05 21:37 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DAEMON Tools Lite 2013-08-05 21:36 - 2013-08-05 21:36 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-08-05 21:36 - 2013-08-05 21:36 - 00001958 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-08-05 21:35 - 2013-08-05 21:37 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2013-08-05 20:09 - 2013-08-05 20:25 - 820998144 _____ C:\Users\Dogan\Downloads\OfficeProfessionalPlus_x64_de-de.img 2013-08-05 20:02 - 2013-08-15 21:08 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS 2013-08-05 20:02 - 2013-08-15 21:08 - 00000286 _____ C:\Windows\Tasks\AutoKMS.job 2013-08-05 20:02 - 2013-08-05 21:49 - 00000000 ____D C:\Windows\AutoKMS 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner (2) 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner 2013-08-04 16:42 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2013-08-04 16:42 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2013-08-04 16:42 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2013-08-04 16:42 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-04 16:42 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2013-08-04 16:42 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS 2013-08-04 16:42 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-04 16:42 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2013-08-04 16:42 - 
2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2013-08-04 16:42 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-08-04 16:42 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2013-08-04 16:42 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2013-08-04 16:42 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll 2013-08-04 16:42 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll 2013-08-04 16:42 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2013-08-04 16:42 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe 2013-08-04 16:42 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-04 16:42 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-08-04 16:42 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll 2013-08-04 16:42 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe 2013-08-04 16:42 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2013-08-04 16:42 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2013-08-04 16:42 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2013-08-04 16:42 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2013-08-04 16:42 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll 2013-08-04 16:42 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll 2013-08-04 16:42 - 2013-06-01 11:19 - 
00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2013-08-04 16:42 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll 2013-08-04 16:42 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys 2013-08-04 16:42 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2013-08-04 16:42 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2013-08-04 16:42 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2013-08-04 16:42 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2013-08-04 16:42 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml 2013-08-04 16:41 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2013-08-03 02:00 - 2013-08-05 21:48 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-24 23:22 - 2013-07-24 23:22 - 00955256 _____ C:\Users\Dogan\Downloads\[ Kein Betreff ].eml ==================== One Month Modified Files and Folders ======= 2013-08-16 09:31 - 2013-08-14 22:50 - 00000000 ____D C:\Users\Dogan\Desktop\Virus 2013-08-16 09:30 - 2013-08-16 09:30 - 00891115 _____ C:\Users\Dogan\Downloads\SecurityCheck.exe 2013-08-16 09:29 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2013-08-16 09:27 - 2013-05-29 16:11 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-16 09:24 - 2013-05-26 12:12 - 01172158 _____ C:\Windows\WindowsUpdate.log 2013-08-16 09:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-08-16 05:54 - 2013-08-16 05:53 - 02347384 _____ (ESET) C:\Users\Dogan\Downloads\esetsmartinstaller_enu.exe 2013-08-15 22:01 - 2013-05-29 09:33 - 00219648 ___SH C:\Users\Dogan\Desktop\Thumbs.db 2013-08-15 21:57 - 2013-06-10 16:24 - 00435200 ___SH 
C:\Users\Dogan\Downloads\Thumbs.db 2013-08-15 21:21 - 2013-08-15 21:21 - 00043989 _____ C:\Users\Dogan\Downloads\FRST2.txt 2013-08-15 21:18 - 2013-08-15 21:18 - 00001795 _____ C:\Users\Dogan\Desktop\JRT.txt 2013-08-15 21:14 - 2013-08-15 21:14 - 00000000 ____D C:\Windows\ERUNT 2013-08-15 21:11 - 2013-08-15 21:11 - 01159319 _____ (Thisisu) C:\Users\Dogan\Downloads\JRT.exe 2013-08-15 21:08 - 2013-08-05 20:02 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS 2013-08-15 21:08 - 2013-08-05 20:02 - 00000286 _____ C:\Windows\Tasks\AutoKMS.job 2013-08-15 21:08 - 2013-05-29 16:11 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-15 21:07 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-15 21:06 - 2013-08-15 20:52 - 00001096 _____ C:\Windows\SysWOW64\bufferpool.txt 2013-08-15 21:03 - 2013-08-15 21:03 - 00004663 _____ C:\AdwCleaner[S1].txt 2013-08-15 21:03 - 2013-08-15 21:03 - 00000172 _____ C:\Windows\DeleteOnReboot.bat 2013-08-15 21:01 - 2013-08-15 21:01 - 00666633 _____ C:\Users\Dogan\Downloads\adwcleaner.exe 2013-08-15 20:59 - 2012-09-27 00:28 - 00753134 _____ C:\Windows\system32\perfh007.dat 2013-08-15 20:59 - 2012-09-27 00:28 - 00155826 _____ C:\Windows\system32\perfc007.dat 2013-08-15 20:59 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 20:52 - 2012-08-03 19:14 - 00043436 _____ C:\Windows\PFRO.log 2013-08-15 20:52 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-08-15 20:34 - 2013-08-15 20:34 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Malwarebytes 2013-08-15 20:33 - 2013-08-15 20:33 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-15 20:33 - 2013-08-15 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-15 20:32 - 2013-08-15 20:32 - 10285040 _____ (Malwarebytes Corporation ) 
C:\Users\Dogan\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-15 11:34 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! 2013-08-15 11:34 - 2013-08-14 20:16 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-08-15 11:19 - 2013-08-15 10:28 - 00000000 ____D C:\Qoobox 2013-08-15 11:19 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default 2013-08-15 11:18 - 2013-08-15 11:18 - 00034007 _____ C:\ComboFix.txt 2013-08-15 11:15 - 2013-08-15 10:27 - 00000000 ____D C:\Windows\erdnt 2013-08-15 11:07 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini 2013-08-15 11:05 - 2012-07-26 07:26 - 81264640 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 14155776 _____ C:\Windows\system32\config\SYSTEM.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-08-15 11:05 - 2012-07-26 07:26 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-08-15 11:04 - 2013-08-15 11:04 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-15 10:58 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-08-15 10:27 - 2013-08-15 10:27 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (2).exe 2013-08-15 10:26 - 2013-08-15 10:25 - 05104931 _____ (Swearware) C:\Users\Dogan\Downloads\ComboFix (1).exe 2013-08-15 10:25 - 2013-08-15 10:25 - 05104931 ____R (Swearware) C:\Users\Dogan\Downloads\ComboFix.exe 2013-08-15 03:15 - 2013-08-15 03:15 - 00000053 _____ C:\Users\Dogan\AppData\Roaming\WB.CFG 2013-08-15 02:58 - 2013-08-15 02:58 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Avira 2013-08-15 02:54 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Mozilla 2013-08-15 02:54 - 2013-05-29 14:53 - 00000000 ____D C:\Users\Dogan\AppData\Local\CrashDumps 2013-08-15 02:53 - 2013-08-15 02:53 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-15 02:53 - 
2013-08-15 02:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-15 02:53 - 2013-08-15 02:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-15 02:52 - 2013-08-15 02:53 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-15 02:52 - 2013-08-15 02:53 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-15 02:52 - 2013-08-15 02:53 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-15 02:52 - 2013-08-15 02:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-15 02:51 - 2013-05-26 12:21 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4039273427-3422687684-3539813997-1001 2013-08-15 02:42 - 2013-05-26 15:18 - 00000000 ____D C:\Users\Dogan\Documents\Bluetooth Folder 2013-08-14 23:02 - 2013-06-10 16:26 - 00000000 ___HD C:\Users\Dogan\Desktop\.picasaoriginals 2013-08-14 23:01 - 2013-08-14 23:01 - 00016848 _____ C:\Users\Dogan\Downloads\Gmer..log 2013-08-14 22:58 - 2013-08-14 22:58 - 00377856 _____ C:\Users\Dogan\Downloads\gmer_2.1.19163.exe 2013-08-14 22:55 - 2013-05-29 16:11 - 00000000 ____D C:\Program Files\Google 2013-08-14 22:55 - 2013-05-29 16:11 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-14 22:55 - 2012-09-01 22:32 - 00000000 ____D C:\ProgramData\McAfee 2013-08-14 22:51 - 2013-08-14 22:51 - 00027884 _____ C:\Users\Dogan\Downloads\Addition.txt 2013-08-14 22:50 - 2013-08-14 22:50 - 00000000 ____D C:\FRST 2013-08-14 22:49 - 2013-08-14 22:49 - 01575570 _____ (Farbar) C:\Users\Dogan\Downloads\FRST64.exe 2013-08-14 22:49 - 2013-08-14 22:49 - 00000542 _____ C:\Users\Dogan\Downloads\defogger_disable.log 2013-08-14 22:49 - 2013-08-14 22:49 - 00000168 _____ C:\Users\Dogan\defogger_reenable 2013-08-14 22:49 - 2013-05-26 12:12 - 00000000 ____D C:\Users\Dogan 2013-08-14 22:48 - 2013-08-14 22:48 - 00050477 _____ 
C:\Users\Dogan\Downloads\Defogger.exe 2013-08-14 20:16 - 2013-08-14 20:16 - 00003382 _____ C:\Windows\System32\Tasks\EPUpdater 2013-08-14 20:16 - 2013-08-14 20:16 - 00003112 _____ C:\Windows\System32\Tasks\TopArcadeHits 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Yahoo! 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2013-08-14 20:16 - 2013-08-14 20:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion 2013-08-14 20:15 - 2013-08-14 20:15 - 00714352 _____ C:\Users\Dogan\Downloads\ZipOpenerSetup.exe 2013-08-14 20:09 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP 2013-08-14 20:06 - 2013-05-29 16:11 - 00000000 ____D C:\Users\Dogan\AppData\Local\Google 2013-08-14 20:01 - 2013-08-05 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 19:58 - 2013-05-28 15:19 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-08-14 19:41 - 2013-08-14 19:40 - 02092792 _____ C:\Users\Dogan\Downloads\avira_free_antivirus.exe 2013-08-13 07:20 - 2013-08-13 07:16 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-08-13 07:14 - 2013-08-13 07:14 - 02365840 _____ C:\Users\Dogan\Downloads\SecurityTaskManager_Setup.exe 2013-08-13 07:14 - 2013-08-13 07:14 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2013-08-13 07:07 - 2013-08-13 07:07 - 00000000 ____D C:\Users\Dogan\Downloads\backups 2013-08-13 07:07 - 2013-08-13 07:01 - 00015833 _____ C:\Users\Dogan\Downloads\hijackthis.log 2013-08-13 07:01 - 2013-08-13 07:01 - 00015922 _____ C:\Users\Dogan\Desktop\hijackthis.log 2013-08-13 06:59 - 2013-08-13 06:59 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Dogan\Downloads\HiJackThis204 (1).exe 2013-08-13 06:59 - 2013-05-26 12:13 - 00000000 ____D C:\Users\Dogan\AppData\Local\VirtualStore 2013-08-13 06:57 - 2013-08-13 06:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dogan\Downloads\HiJackThis204.exe 2013-08-13 06:53 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2013-08-11 06:10 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-08-05 22:03 - 2013-05-28 15:22 - 00000000 ____D C:\Users\Dogan\AppData\Local\Deployment 2013-08-05 21:49 - 2013-08-05 20:02 - 00000000 ____D C:\Windows\AutoKMS 2013-08-05 21:48 - 2013-08-03 02:00 - 00454064 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-05 21:43 - 2012-09-01 22:34 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Windows\PCHEALTH 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-05 21:42 - 2013-08-05 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-05 21:42 - 2012-09-26 15:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-05 21:40 - 2013-08-05 21:40 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-05 21:40 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-08-05 21:39 - 2013-08-05 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Users\Dogan\AppData\Local\Microsoft Help 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-05 21:38 - 2013-08-05 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-05 21:38 - 2012-07-26 09:52 - 00000000 ____D C:\Windows\ShellNew 2013-08-05 21:38 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini 
2013-08-05 21:37 - 2013-08-05 21:37 - 00000000 ___RD C:\MSOCache 2013-08-05 21:37 - 2013-08-05 21:36 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\DAEMON Tools Lite 2013-08-05 21:37 - 2013-08-05 21:35 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2013-08-05 21:36 - 2013-08-05 21:36 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-08-05 21:36 - 2013-08-05 21:36 - 00001958 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2013-08-05 21:36 - 2013-08-05 21:36 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2013-08-05 20:30 - 2013-06-10 16:04 - 00000000 ___HD C:\Users\Dogan\Downloads\.picasaoriginals 2013-08-05 20:25 - 2013-08-05 20:09 - 820998144 _____ C:\Users\Dogan\Downloads\OfficeProfessionalPlus_x64_de-de.img 2013-08-05 20:02 - 2012-07-26 09:21 - 00032484 _____ C:\Windows\setupact.log 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner (2) 2013-08-04 21:09 - 2013-08-04 21:09 - 00000000 ____D C:\Users\Dogan\Neuer Ordner 2013-08-03 02:06 - 2013-05-26 12:12 - 00000000 ____D C:\Users\Dogan\AppData\Local\Packages 2013-08-03 01:58 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-07-31 00:28 - 2013-05-29 16:12 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-28 23:56 - 2013-05-29 10:03 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-24 23:22 - 2013-07-24 23:22 - 00955256 _____ C:\Users\Dogan\Downloads\[ Kein Betreff ].eml 2013-07-20 01:36 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-20 01:35 - 2013-05-26 12:18 - 00000000 ____D C:\Users\Dogan\AppData\Roaming\Spotify ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-11 22:01 ==================== End Of Log ============================ --- --- ---
The Entrusted Toolbar is gone, and in general there is not much left to notice of the virus; before, pages kept opening suddenly. Does that mean I can use online banking again? And what is the best way to proceed now if I want to use online banking? I have the free version of Avira AntiVir, no money for expensive antivirus software. Any other tips? Were you able to work out from the log files what caused it? In any case, a thousand thanks, guys; what you did for me cannot be repaid with money, you saved my ass! Thanks, guys!!!! |
16.08.2013, 09:00 | #9 |
/// the machine /// TB trainer | Virus - DKB account spied on - Entrusted Toolbar
Better to use Avast.
Reading material: Why we no longer recommend Avira
For some time now, Avira has shipped the Ask Toolbar with its default installation. This toolbar is a prerequisite for the Webguard to work reliably. The Ask Toolbar is known for spying on the user's browsing behaviour in order, ultimately, to make money from it. It is therefore classified as "harmful" by us on this board. More information. A security company that practically foists harmful software on the user without asking is therefore out of the question for us. Because of this business practice, the at times extremely poor detection rate and the thoroughly annoying advertising, we recommend that all Avira users uninstall Avira and switch to an alternative product. If you decide to switch, we recommend removing all leftovers with the Avira cleaner after uninstalling.
Change all passwords and logins; online banking only with ChipTan or higher. Where it came from cannot be traced.
Done
The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |