Log analysis and evaluation: Admin profile no longer there - Widgi Toolbar (Windows 7) |
16.08.2013, 17:53 | #1 |
| Admin profile no longer there - Widgi Toolbar Hello dear Trojaner-Board experts, when I recently tried to open the admin profile, it was no longer accessible. A temporary profile appeared instead. I created a new admin profile and ran Malwarebytes. It found the following malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.14.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Admin neu :: SCHORSCH [Administrator] 14.08.2013 13:13:46 mbam-log-2013-08-14 (13-13-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 554914 Laufzeit: 1 Stunde(n), 26 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 46 HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\IminentWebBooster.ActiveContentHandle.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\IminentWebBooster.ActiveContentHandler (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\Iminent.Mediator.Communication.ClientCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.ContractBase (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GameOverCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GetCreditCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.InstallationContextResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.LoginCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.LogoutCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.MyAccountCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.PlayContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.PostContentCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.SetVariableCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.TestContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.WarmUpCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.WelcomeCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.ServerCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.ServerResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.LightContent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.LightUri (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.MediatorServiceProxy (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 10 C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ruth\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ruth\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 10 C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\Downloads\agsetup183se.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter_2\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ruth\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ruth\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter --- Search result list ---
Widgi.Toolbar: [SBI $21855786] User settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Widgi.Toolbar: [SBI $21855786] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Widgi.Toolbar: [SBI $BA954ED7] User settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Widgi.Toolbar: [SBI $BA954ED7] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Can anyone tell me how to get rid of these entries? The system scans made according to your instructions are attached as a ZIP file. Many thanks in advance for your help! |
16.08.2013, 19:09 | #2 |
/// the machine /// TB instructor | Admin profile no longer there - Widgi Toolbar Hi,
Please post the other logs in the thread as well. |
16.08.2013, 20:35 | #3 |
| Admin profile no longer there - Widgi Toolbar Hello schrauber, according to the message the log files were too large, hence the ZIP attachment.
I'll try to embed the files again: Code:
0x15e890} .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[11280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[13064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... 
* 2 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[14380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 0000000076e70010 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d11490 5 bytes JMP 0000000076e70028 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 1 byte JMP 0000000076e70040 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[13988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d117b2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] 
C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[7992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[14400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... 
* 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[11488] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[11488] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[11488] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[14384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... 
* 2 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\avmwlanstick\WLanGUI.exe[14040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3840] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3840] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3840] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[13252] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[13252] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[13252] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 0000000076e70010 .text C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 
0000000076d11490 5 bytes JMP 0000000076e70028 .text C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 1 byte JMP 0000000076e70040 .text C:\Windows\splwow64.exe[12920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d117b2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 0000000076e70010 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d11490 5 bytes JMP 0000000076e70028 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 1 byte JMP 0000000076e70040 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[12736] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d117b2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 0000000076e70010 .text C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d11490 5 bytes JMP 0000000076e70028 .text C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 1 byte JMP 0000000076e70040 .text C:\Windows\system32\wbem\wmiprvse.exe[12984] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d117b2 3 bytes {JMP 0x15e890} .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Program Files 
(x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[12576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2 .text C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 000000017463f6f0 .text C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 000000017463f830 .text C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 000000017463f750 .text C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c71465 2 bytes [C7, 74] .text C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c714bb 2 bytes [C7, 74] .text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [1056:1820] 000007fef8f893d0 Thread C:\Windows\System32\svchost.exe [1056:1876] 000007fefe2ea808 Thread C:\Windows\system32\svchost.exe [2376:4196] 000007fef7b244e0 Thread C:\Windows\system32\Dwm.exe [6264:13808] 000007fef8f893d0 Thread C:\Windows\system32\Dwm.exe [6264:11000] 000007fef30df0d8 Thread C:\Windows\system32\Dwm.exe [6264:5804] 000007fef93fabf0
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01 Ran by Peter_2 (ATTENTION: The logged in user is not administrator) on 16-08-2013 17:01:57 Running from C:\Users\Peter_2\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe () C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKCU\...\Run: [Google Update] - C:\Users\Peter_2\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-15] (Google Inc.) HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware) MountPoints2: {901e873c-614b-11e0-963e-001f16fb9380} - J:\pushinst.exe HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe () Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15 HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Winsock: Catalog9 01 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 02 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 03 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 04 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 05 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 06 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 17 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9 18 %SYSTEMROOT%\system32\nvLsp.dll [268832] (NVIDIA) Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll 
[434208] (NVIDIA) Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Peter_2\AppData\Roaming\Mozilla\Firefox\Profiles\nbsb8qcq.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "autoconfig_url", "file:///C:/Users/Peter_2/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4d654c90.pac" FF NetworkProxy: "no_proxies_on", "" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Peter_2\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Peter_2\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Peter_2\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: No Name - C:\Users\Peter_2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\Peter_2\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR RestoreOnStartup: "hxxp://www.google.de/"]},"sync_promo":{"startup_count":1,"user_skipped":true,"view_count":1},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs" CHR Extension: (Iminent) - C:\Users\Peter_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\5.14.1.0_0 CHR Extension: (AVG Security Toolbar) - C:\Users\Peter_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0 ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) 
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] () R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-08-15] (SurfRight B.V.) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-02] (AVG Secure Search) R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) 
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-02] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH) R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-08-15] () R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [17416 2013-08-15] () R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2012-01-22] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe 2013-08-16 16:58 - 2013-08-16 16:59 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log 2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable 2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe 2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk 2013-08-16 14:13 - 2013-08-16 14:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-16 14:13 - 2013-08-16 14:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java 2013-08-15 15:49 - 2013-08-15 15:50 - 00028839 _____ C:\AdwCleaner[S1].txt 2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt 2013-08-15 
15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-08-15 15:39 - 2013-08-15 15:52 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-08-15 15:39 - 2013-08-15 15:42 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-08-15 15:39 - 2013-08-15 15:42 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-08-15 15:39 - 2013-08-15 15:42 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe 2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-08-15 14:17 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 14:17 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 14:17 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 14:17 - 2013-07-24 15:40 
- 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 14:17 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 14:17 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 14:17 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 14:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 14:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 14:17 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) 
C:\Windows\system32\rpcrt4.dll 2013-08-15 14:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 14:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 14:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 14:17 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 14:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 14:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 14:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 14:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 14:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 14:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 14:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 14:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 14:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 14:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 14:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 14:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 14:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 14:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 
2013-08-15 14:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 14:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 14:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero 2013-08-14 18:22 - 2013-08-14 19:24 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla 2013-08-14 15:13 - 2013-08-16 14:40 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk 2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe 2013-08-14 14:58 - 2013-08-16 16:07 - 00000896 _____ C:\Windows\setupact.log 2013-08-14 14:58 - 2013-08-14 14:58 - 00005250 _____ C:\Windows\PFRO.log 2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes 2013-08-14 13:09 - 2013-08-14 13:10 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView 2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com 2013-08-12 18:31 - 2013-08-16 16:58 - 00000000 ____D C:\Users\Admin neu 2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien 2013-08-12 18:31 - 2013-08-12 18:31 - 
00000000 _SHDL C:\Users\Admin neu\Druckumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer 2013-08-12 18:31 - 2012-10-13 10:07 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\TuneUp Software 2013-08-11 09:28 - 2013-08-11 09:29 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe 2013-08-03 20:11 - 2013-08-12 11:19 - 00000000 ____D C:\Users\Ruth\Rauhenzell 2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk 2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth 2013-07-27 12:28 - 2013-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsha.sys ==================== One Month Modified Files and Folders ======= 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST 2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe 2013-08-16 16:59 - 2013-08-16 16:58 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log 2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable 2013-08-16 16:58 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu 2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe 2013-08-16 16:17 - 2012-03-31 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-16 16:07 - 2013-08-14 14:58 - 00000896 _____ C:\Windows\setupact.log 2013-08-16 16:06 - 2013-06-04 19:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-16 16:06 - 2009-12-10 21:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-16 16:04 - 2012-03-15 22:36 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004UA.job 2013-08-16 16:04 - 2009-12-10 21:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk 2013-08-16 14:40 - 2013-08-14 15:13 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk 2013-08-16 14:13 - 2013-08-16 14:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-16 14:13 - 2013-08-16 14:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-16 14:13 - 2013-08-16 14:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-16 14:13 - 2012-09-05 19:03 - 00867240 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-16 14:13 - 2010-05-26 18:19 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-16 13:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-16 12:39 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-16 12:39 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-16 12:33 - 2006-10-10 01:06 - 01912910 _____ C:\Windows\WindowsUpdate.log 2013-08-16 12:29 - 2010-11-16 18:30 - 00000000 ____D C:\ProgramData\MFAData 2013-08-16 12:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-15 16:31 - 2009-07-14 07:13 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 16:31 - 2006-10-10 10:57 - 00654150 _____ C:\Windows\system32\perfh007.dat 2013-08-15 16:31 - 2006-10-10 10:57 - 00130022 _____ C:\Windows\system32\perfc007.dat 2013-08-15 16:28 - 2013-07-27 12:28 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 16:26 - 2009-11-29 10:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-08-15 15:59 - 2009-08-14 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-15 15:57 - 2013-07-04 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 15:57 - 2009-11-25 00:12 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-15 15:52 - 2013-08-15 15:39 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert 2013-08-15 15:51 - 2012-03-31 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-15 15:51 - 2011-06-02 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java 2013-08-15 15:50 - 2013-08-15 15:49 - 00028839 _____ C:\AdwCleaner[S1].txt 2013-08-15 15:50 - 2012-09-05 19:02 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-15 15:50 - 2012-07-05 22:05 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-08-15 15:50 - 2012-03-12 17:59 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-15 15:50 - 2011-02-06 19:30 - 00000000 ____D C:\Users\Peter_2 2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt 2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe 2013-08-15 15:47 - 2012-03-09 23:20 - 00000000 ____D C:\Users\Peter_2\AppData\Local\CrashDumps 2013-08-15 15:42 - 2013-08-15 15:39 - 00564312 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2013-08-15 15:42 - 2013-08-15 15:39 - 00518480 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2013-08-15 15:42 - 2013-08-15 15:39 - 00017416 _____ C:\Windows\system32\Drivers\hmpalert.sys 2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) 
C:\Users\Peter\Downloads\hmpalert(1).exe 2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-08-15 14:23 - 2009-11-21 14:10 - 00000000 ____D C:\Users\Peter 2013-08-15 14:19 - 2009-11-29 11:23 - 00000000 ____D C:\Users\Peter\Documents\Dokumente Peter 2013-08-15 09:22 - 2012-11-04 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-14 19:37 - 2012-03-15 23:05 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\vlc 2013-08-14 19:24 - 2013-08-14 18:22 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe 2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla 2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe 2013-08-14 14:58 - 2013-08-14 14:58 - 00005250 _____ C:\Windows\PFRO.log 2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 14:58 - 2012-03-31 17:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-14 13:13 - 2012-01-22 19:01 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 2013-08-14 13:13 - 2012-01-22 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-14 13:13 - 2010-05-12 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes 2013-08-14 13:11 - 2009-12-26 11:59 - 00000000 ____D C:\Windows\Minidump 2013-08-14 13:10 - 2013-08-14 13:09 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView 2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com 2013-08-12 18:34 - 2012-02-21 14:43 - 00000000 ____D C:\Users\Peter_2\Documents\Mein Steuer-Sparbuch Heute 2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini 2013-08-12 18:31 - 
2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer 2013-08-12 18:09 - 2012-01-08 10:40 - 00000000 ____D C:\Users\Public\Documents\Screensaver 2013-08-12 11:23 - 2011-02-13 21:39 - 00060416 ___SH C:\Users\Ruth\Thumbs.db 2013-08-12 11:23 - 2011-02-06 18:34 - 00000000 ____D C:\Users\Ruth 2013-08-12 11:19 - 2013-08-03 20:11 - 00000000 ____D C:\Users\Ruth\Rauhenzell 2013-08-12 11:04 - 2012-03-15 22:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004Core.job 2013-08-11 09:29 - 2013-08-11 09:28 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe 2013-08-10 12:04 - 2010-03-28 18:47 - 00001212 _____ C:\Windows\wiso.ini 2013-08-03 19:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-03 16:09 - 2011-02-06 23:05 - 00000000 ____D C:\Users\Ruth\Dokumente Ruth 2013-08-02 10:54 - 2013-06-18 20:13 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-08-02 
10:53 - 2012-09-04 20:23 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-07-31 11:29 - 2010-03-28 18:47 - 00000000 ____D C:\Users\Peter\Documents\Mein Sparbuch Heute 2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk 2013-07-31 11:26 - 2013-07-31 11:26 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth 2013-07-31 11:26 - 2011-02-21 23:51 - 00000000 ____D C:\Users\Peter_2\AppData\Local\Google 2013-07-30 18:30 - 2011-07-18 19:25 - 00003226 _____ C:\Users\Ruth\AppData\Roaming\wklnhst.dat 2013-07-30 18:16 - 2012-10-04 19:28 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-30 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-25 11:25 - 2013-08-15 14:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-15 14:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 15:40 - 2013-08-15 14:17 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-24 15:40 
- 2013-08-15 14:17 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-24 13:43 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-24 13:23 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsha.sys 2013-07-19 03:58 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-07-19 03:41 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- --- --- --- defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:59 on 16/08/2013 (Admin neu) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-
The Addition log file no longer fits (total size of 120000 characters exceeded). Best regards, Mariheli |
17.08.2013, 23:27 | #4 | |
/// the machine /// TB trainer | Admin profile no longer there - Widgi Toolbar
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
18.08.2013, 14:44 | #5 |
| Admin profile no longer there - Widgi Toolbar
Hello Schrauber, now I have landed myself with some kind of problem. I started Combofix as instructed; it searched for half an hour and then reported that it was deleting some files, and then it started popping up windows with the message "ComboFix\prv.3xE" and another message, which I cannot read because the windows pop up and disappear so quickly. After it had been doing this for several hours, I restarted the computer several times, but the same thing always happens: the windows pop up extremely fast and disappear again. (I am writing from the laptop now.) Addendum: I have now restarted the program once more; it is scanning now, let's see what happens, and I will then post the result. How do I get rid of this problem? Best regards, mariheli
Hello Schrauber, I have now run Combofix again. It scanned for an hour, then stopped at directory 46 and did nothing more. I have now closed the program; the pop-ups are gone, and the program did not create a log file. The problem is that I can no longer get onto the Internet, despite an active WLAN/LAN connection. What is the best thing for me to do now? Best regards, Mariheli
Edited by mariheli (18.08.2013 at 12:52) |
18.08.2013, 16:52 | #6 |
/// the machine /// TB trainer | Admin profile no longer there - Widgi Toolbar
Hi, please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Admin profile no longer there - Widgi Toolbar |
18.08.2013, 17:41 | #7 |
| Admin profile no longer there - Widgi Toolbar
Hello Schrauber, the results are attached. I always have to copy the programs to the computer via my laptop and back, since the Internet connection still does not work. I tried pinging Google, and that does work. Here are the results: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by Admin neu on 18.08.2013 at 18:18:13,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonicdownloader_fuer_mp3directcut_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonicdownloader_fuer_mp3directcut_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_clonedvd_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_webradio-gadget_RASMANCS

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Admin neu\AppData\Roaming\mozilla\firefox\profiles\d6gb0lhc.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.08.2013 at 18:22:35,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.306 - Datei am 18/08/2013 um 18:10:52 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin neu - SCHORSCH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Peter_2\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKU\S-1-5-21-1347085348-892770594-766104875-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sunhn9og.default\prefs.js
[OK] Die Datei ist sauber.

Datei : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\xhfp38qs.default\prefs.js
[OK] Die Datei ist sauber.

Datei : C:\Users\Peter_2\AppData\Roaming\Mozilla\Firefox\Profiles\nbsb8qcq.default\prefs.js
[OK] Die Datei ist sauber.

Datei : C:\Users\Admin neu\AppData\Roaming\Mozilla\Firefox\Profiles\d6gb0lhc.default\prefs.js
[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [28558 octets] - [15/08/2013 15:48:12]
AdwCleaner[S1].txt - [28839 octets] - [15/08/2013 15:49:54]
AdwCleaner[S2].txt - [1524 octets] - [18/08/2013 18:10:52]

########## EOF - \AdwCleaner[S2].txt - [1584 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01
Ran by Admin neu (administrator) on 18-08-2013 18:26:15
Running from C:\Users\Peter_2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [combofix] - C:\ComboFix\CF30478.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\TEMP\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin neu\AppData\Roaming\Mozilla\Firefox\Profiles\d6gb0lhc.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-02] (AVG Secure Search)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-02] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2012-01-22] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt 2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT 2013-08-18 18:10 - 2013-08-18 18:11 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt 2013-08-18 18:10 - 2013-08-18 18:08 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe 2013-08-18 18:10 - 2013-08-18 18:07 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe 2013-08-18 13:41 - 2013-08-18 14:29 - 00000000 ___SD C:\ComboFix 2013-08-18 10:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-18 10:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-18 10:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-18 10:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-18 10:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-18 10:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-18 10:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-18 10:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-18 10:18 - 2013-08-18 11:20 - 00000000 ____D C:\Windows\erdnt 2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox 2013-08-18 10:13 - 2013-08-18 10:14 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle 
Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip 2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip 2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip 2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe 2013-08-16 17:38 - 2013-08-16 17:46 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt 2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt 2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt 2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe 2013-08-16 17:02 - 2013-08-16 21:31 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST 2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe 2013-08-16 16:58 - 2013-08-16 16:59 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log 2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable 2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe 2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) 
C:\Windows\system32\java.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java 2013-08-15 15:49 - 2013-08-15 15:50 - 00028839 _____ C:\AdwCleaner[S1].txt 2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt 2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe 2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-08-15 14:17 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 14:17 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 14:17 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 
00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-15 14:17 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-15 14:17 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 14:17 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 14:17 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 14:17 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 14:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 14:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2013-08-15 14:17 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 14:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 14:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 14:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 14:17 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 14:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 14:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 14:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 14:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 14:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 14:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 14:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 14:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 14:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 14:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 14:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 14:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 14:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 
2013-08-15 14:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 14:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 14:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 14:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe 2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero 2013-08-14 18:22 - 2013-08-14 19:24 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe 2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla 2013-08-14 15:13 - 2013-08-16 14:40 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk 2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe 2013-08-14 14:58 - 2013-08-18 18:23 - 00002072 _____ C:\Windows\setupact.log 2013-08-14 14:58 - 2013-08-18 14:55 - 00006354 _____ C:\Windows\PFRO.log 2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes 2013-08-14 13:09 - 2013-08-14 13:10 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView 2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com 2013-08-12 18:31 - 2013-08-18 17:31 - 00000000 ____D C:\Users\Admin neu 2013-08-12 18:31 - 2013-08-18 10:15 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013 2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ 
C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D 
C:\Users\ADMINN~1\AppData\Local\VirtualStore 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer 2013-08-12 18:31 - 2012-10-13 10:07 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\TuneUp Software 2013-08-12 18:31 - 2009-11-22 22:55 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Microsoft Help 2013-08-12 18:31 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-08-12 18:31 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-08-11 09:28 - 2013-08-11 09:29 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe 2013-08-03 20:11 - 2013-08-12 11:19 - 00000000 ____D C:\Users\Ruth\Rauhenzell 2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk 2013-07-27 12:28 - 2013-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys ==================== One Month Modified Files and Folders ======= 2013-08-18 18:23 - 2013-08-18 18:23 - 00002852 _____ C:\Users\Peter_2\Desktop\JRT.txt 2013-08-18 18:23 - 2013-08-14 14:58 - 00002072 _____ C:\Windows\setupact.log 2013-08-18 18:23 - 2013-06-04 19:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-18 18:23 - 2012-02-21 14:43 - 00000000 ____D C:\Users\Peter_2\Documents\Mein Steuer-Sparbuch Heute 2013-08-18 18:23 - 2009-12-10 21:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt 2013-08-18 18:20 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-18 18:20 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT 2013-08-18 18:17 - 2012-03-31 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-18 18:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-18 18:11 - 2013-08-18 18:10 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt 2013-08-18 18:11 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-18 18:11 - 2006-10-10 10:57 - 00654150 _____ C:\Windows\system32\perfh007.dat 2013-08-18 18:11 - 2006-10-10 10:57 - 00130022 _____ C:\Windows\system32\perfc007.dat 2013-08-18 18:11 - 2006-10-10 01:06 - 02009609 _____ C:\Windows\WindowsUpdate.log 2013-08-18 18:08 - 2013-08-18 18:10 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe 2013-08-18 18:07 - 2013-08-18 18:10 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe 
2013-08-18 18:06 - 2010-11-16 18:30 - 00000000 ____D C:\ProgramData\MFAData 2013-08-18 18:04 - 2012-03-15 22:36 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004UA.job 2013-08-18 18:04 - 2009-12-10 21:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-18 17:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu 2013-08-18 17:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-18 14:55 - 2013-08-14 14:58 - 00006354 _____ C:\Windows\PFRO.log 2013-08-18 14:29 - 2013-08-18 13:41 - 00000000 ___SD C:\ComboFix 2013-08-18 11:20 - 2013-08-18 10:18 - 00000000 ____D C:\Windows\erdnt 2013-08-18 11:17 - 2011-02-15 13:38 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Adobe 2013-08-18 11:04 - 2012-03-15 22:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004Core.job 2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox 2013-08-18 10:15 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013 2013-08-18 10:14 - 2013-08-18 10:13 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-17 19:35 - 2012-09-05 19:03 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-17 19:35 - 2010-05-26 18:19 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-16 21:31 - 2013-08-16 17:02 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt 2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ 
C:\Users\Peter_2\Desktop\FRST.zip 2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip 2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip 2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe 2013-08-16 17:46 - 2013-08-16 17:38 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt 2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt 2013-08-16 17:35 - 2009-11-21 14:10 - 00000000 ____D C:\Users\Peter 2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt 2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe 2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST 2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe 2013-08-16 16:59 - 2013-08-16 16:58 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log 2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable 2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe 2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk 2013-08-16 14:40 - 2013-08-14 15:13 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk 2013-08-16 13:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 16:28 - 2013-07-27 12:28 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 16:26 - 2009-11-29 10:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-08-15 15:59 - 2009-08-14 20:24 - 00000000 ____D C:\Program 
Files (x86)\Adobe 2013-08-15 15:57 - 2013-07-04 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 15:57 - 2009-11-25 00:12 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-15 15:51 - 2012-03-31 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-15 15:51 - 2012-03-31 17:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-15 15:51 - 2011-06-02 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java 2013-08-15 15:50 - 2013-08-15 15:49 - 00028839 _____ C:\AdwCleaner[S1].txt 2013-08-15 15:50 - 2012-09-05 19:02 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-15 15:50 - 2012-03-12 17:59 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-15 15:50 - 2011-02-06 19:30 - 00000000 ____D C:\Users\Peter_2 2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt 2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe 2013-08-15 15:47 - 2012-03-09 23:20 - 00000000 ____D C:\Users\Peter_2\AppData\Local\CrashDumps 2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia 
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe 2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-08-15 14:19 - 2009-11-29 11:23 - 00000000 ____D C:\Users\Peter\Documents\Dokumente Peter 2013-08-15 09:22 - 2012-11-04 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-14 19:37 - 2012-03-15 23:05 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\vlc 2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe 2013-08-14 19:24 - 2013-08-14 18:22 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe 2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero 2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla 2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe 2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 14:58 - 2012-03-31 17:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-14 13:13 - 2012-01-22 19:01 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 2013-08-14 13:13 - 2012-01-22 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-14 13:13 - 2010-05-12 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes 2013-08-14 13:11 - 2009-12-26 11:59 - 00000000 ____D C:\Windows\Minidump 2013-08-14 13:10 - 2013-08-14 13:09 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView 
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com 2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative 
Tools 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\VirtualStore 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer 2013-08-12 18:09 - 2012-01-08 10:40 - 00000000 ____D C:\Users\Public\Documents\Screensaver 2013-08-12 11:23 - 2011-02-13 21:39 - 00060416 ___SH C:\Users\Ruth\Thumbs.db 2013-08-12 11:23 - 2011-02-06 18:34 - 00000000 ____D C:\Users\Ruth 2013-08-12 11:19 - 2013-08-03 20:11 - 00000000 ____D C:\Users\Ruth\Rauhenzell 2013-08-11 09:29 - 2013-08-11 09:28 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe 2013-08-10 12:04 - 2010-03-28 18:47 - 00001212 _____ C:\Windows\wiso.ini 2013-08-03 19:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-03 16:09 - 2011-02-06 23:05 - 00000000 ____D C:\Users\Ruth\Dokumente Ruth 2013-08-02 10:54 - 2013-06-18 20:13 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-08-02 10:53 - 2012-09-04 20:23 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-07-31 11:29 - 2010-03-28 18:47 - 00000000 ____D C:\Users\Peter\Documents\Mein Sparbuch Heute 2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk 2013-07-31 11:26 - 2011-02-21 23:51 - 00000000 
____D C:\Users\Peter_2\AppData\Local\Google 2013-07-30 18:30 - 2011-07-18 19:25 - 00003226 _____ C:\Users\Ruth\AppData\Roaming\wklnhst.dat 2013-07-30 18:16 - 2012-10-04 19:28 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-30 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-25 11:25 - 2013-08-15 14:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-15 14:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 15:40 - 2013-08-15 14:17 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 01231872 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-24 13:43 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-24 13:23 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsha.sys 2013-07-19 03:58 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-07-19 03:41 - 2013-08-15 14:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 17:01 ==================== End Of Log ============================ --- --- --- Best regards, Mariheli |
19.08.2013, 07:26 | #8 |
/// the machine /// TB trainer | Admin profile no longer there - Widgi Toolbar Please download Farbar's MiniToolBox to your desktop and start the tool. Tick the following entries
Please download Farbar Service Scanner
Please post the contents here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.08.2013, 11:49 | #9 |
| Admin profile no longer there - Widgi Toolbar Hello Schrauber, the logs are attached. Code:
ATTFilter Farbar Service Scanner Version: 18-08-2013 Ran by Peter_2 (ATTENTION: The logged in user is not administrator) on 19-08-2013 at 12:40:55 Running from "C:\Users\Peter_2\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Attempt to access Local Host IP returned error: Localhost is blocked: Other errors LAN connected. Attempt to access Google IP returned error. Other errors Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. 
Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Code:
ATTFilter MiniToolBox by Farbar Version: 13-07-2013 Ran by Peter_2 (ATTENTION: The logged in user is not administrator) on 19-08-2013 at 12:37:13 Running from "C:\Users\Peter_2\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.autoconfig_url", "file:///C:/Users/Peter_2/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4d654c90.pac" "network.proxy.no_proxies_on", "" "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ NVIDIA nForce 10/100/1000 Mbps Ethernet = LAN-Verbindung (Disconnected) FRITZ!WLAN USB Stick v2 = Drahtlosnetzwerkverbindung 2 (Connected) Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107 # ---------------------------------- # IPv4-Konfiguration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # Ende der IPv4-Konfiguration Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : Schorsch Primäres DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Hybrid IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : FRITZ!WLAN USB Stick v2 Physikalische Adresse . . . . . . 
: BC-05-43-04-4E-FE DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Verbindungslokale IPv6-Adresse . : fe80::4c5:6c63:e75a:a895%14(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 192.168.0.101(Bevorzugt) Subnetzmaske . . . . . . . . . . : 0.0.0.0 Lease erhalten. . . . . . . . . . : Montag, 19. August 2013 12:25:10 Lease läuft ab. . . . . . . . . . : Montag, 26. August 2013 12:25:10 Standardgateway . . . . . . . . . : 192.168.0.1 DHCP-Server . . . . . . . . . . . : 192.168.0.1 DHCPv6-IAID . . . . . . . . . . . : 381420867 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-0C-BC-8D-55-00-1F-16-FB-93-80 DNS-Server . . . . . . . . . . . : 192.168.0.1 NetBIOS über TCP/IP . . . . . . . : Aktiviert Ethernet-Adapter LAN-Verbindung: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet Physikalische Adresse . . . . . . : 00-1F-16-FB-93-80 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Tunneladapter isatap.{1F803466-C1F1-4933-A73A-2C5D3C38EDE8}: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Tunneladapter Teredo Tunneling Pseudo-Interface: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:3056:23c0:433f:360e(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::3056:23c0:433f:360e%11(Bevorzugt) Standardgateway . . . . . . . . . : :: NetBIOS über TCP/IP . . . . . . . 
: Deaktiviert Server: UnKnown Address: NULL Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Allgemeiner Fehler. Server: UnKnown Address: NULL Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Allgemeiner Fehler. Fehler bei der Initialisierung der Windows Sockets-Schnittstelle. Allgemeiner Fehler. ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 
C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 02 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 03 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 04 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 05 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 06 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 17 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) x64-Catalog9 18 C:\Windows\System32\nvLsp64.dll [434208] (NVIDIA) ========================= Event log errors: =============================== Application errors: ================== Error: (08/19/2013 00:27:36 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8 Name des fehlerhaften Moduls: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015810 ID des fehlerhaften Prozesses: 0x17c0 Startzeit der fehlerhaften Anwendung: 
0xavgidsagent.exe0 Pfad der fehlerhaften Anwendung: avgidsagent.exe1 Pfad des fehlerhaften Moduls: avgidsagent.exe2 Berichtskennung: avgidsagent.exe3 Error: (08/19/2013 00:25:08 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8 Name des fehlerhaften Moduls: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015810 ID des fehlerhaften Prozesses: 0x6b0 Startzeit der fehlerhaften Anwendung: 0xavgidsagent.exe0 Pfad der fehlerhaften Anwendung: avgidsagent.exe1 Pfad des fehlerhaften Moduls: avgidsagent.exe2 Berichtskennung: avgidsagent.exe3 Error: (08/19/2013 00:24:25 PM) (Source: Greg_Service) (User: ) Description: Service failed on start: Cannot allocate socket. Error: (08/18/2013 09:18:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8 Name des fehlerhaften Moduls: avgidsagent.exe, Version: 13.0.0.3383, Zeitstempel: 0x51d571a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015810 ID des fehlerhaften Prozesses: 0x6a8 Startzeit der fehlerhaften Anwendung: 0xavgidsagent.exe0 Pfad der fehlerhaften Anwendung: avgidsagent.exe1 Pfad des fehlerhaften Moduls: avgidsagent.exe2 Berichtskennung: avgidsagent.exe3 Error: (08/18/2013 09:17:54 PM) (Source: Greg_Service) (User: ) Description: Service failed on start: Cannot allocate socket. System errors: ============= Error: (08/19/2013 00:35:14 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (08/19/2013 00:35:13 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error: (08/19/2013 00:27:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753639. 
Error: (08/19/2013 00:24:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTI IScheduleSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/19/2013 00:24:55 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NTI IScheduleSvc erreicht. Error: (08/19/2013 00:24:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753639. Error: (08/18/2013 09:18:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTI IScheduleSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/18/2013 09:18:24 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NTI IScheduleSvc erreicht. Error: (08/18/2013 09:17:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753639. Microsoft Office Sessions: ========================= Error: (08/19/2013 00:27:36 PM) (Source: Application Error)(User: ) Description: avgidsagent.exe13.0.0.338351d571a8avgidsagent.exe13.0.0.338351d571a8c00000050001581017c001ce9cc6b78a58f0C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exef6e084c0-08b9-11e3-a10c-bc0543044efe Error: (08/19/2013 00:25:08 PM) (Source: Application Error)(User: ) Description: avgidsagent.exe13.0.0.338351d571a8avgidsagent.exe13.0.0.338351d571a8c0000005000158106b001ce9cc6473caee0C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe9eed1b70-08b9-11e3-a10c-bc0543044efe Error: (08/19/2013 00:24:25 PM) (Source: Greg_Service)(User: ) Description: Service failed on start: Cannot allocate socket. 
Error: (08/18/2013 09:18:32 PM) (Source: Application Error)(User: ) Description: avgidsagent.exe13.0.0.338351d571a8avgidsagent.exe13.0.0.338351d571a8c0000005000158106a801ce9c47a3418be0C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exef8214c40-083a-11e3-8637-bc0543044efe Error: (08/18/2013 09:17:54 PM) (Source: Greg_Service)(User: ) Description: Service failed on start: Cannot allocate socket. CodeIntegrity Errors: =================================== Date: 2013-08-18 17:58:41.020 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 17:11:24.296 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 16:36:15.534 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 15:44:54.446 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 15:07:03.345 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 14:51:05.195 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-18 13:03:18.860 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 12:52:48.362 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 11:45:05.154 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-18 11:16:15.681 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
=========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 7.2.8) 7-Zip 9.20 Acer Backup Manager (Version: 2.0.2.19) Acer eRecovery Management (Version: 4.05.3002) Acer Registration (Version: 1.02.3004) Acer ScreenSaver (Version: 1.2.0812) Acer Updater (Version: 1.01.3014) Acrobat.com (Version: 1.6.65) Adobe AIR (Version: 3.8.0.870) Adobe Flash Player 11 ActiveX (Version: 11.8.800.94) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Advertising Center (Version: 0.0.0.2) AIO_Scan (Version: 130.0.365.000) Apple Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) ATI Catalyst Install Manager (Version: 3.0.732.0) Audiograbber 1.83 SE (Version: 1.83 SE ) Audiograbber MP3-Plugin (64 bit) (Version: 1.0) AVG 2013 (Version: 13.0.3211) AVG 2013 (Version: 13.0.3392) AVG 2013 (Version: 2013.0.3392) AVG PC Tuneup 2011 (Version: 10.0.0.23) AVM FRITZ!WLAN Backup Manager Advance (Version: 2.0.2.19) BufferChm (Version: 130.0.331.000) C5200 (Version: 130.0.365.000) C5200_Help (Version: 100.0.206.000) Canon Easy-PhotoPrint EX Canon MG5300 series Benutzerregistrierung Canon MG5300 series MP Drivers Canon MG5300 series On-screen Manual Canon MP Navigator EX 5.0 Canon My Printer Canon Solution Menu EX Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840) Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840) Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840) Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840) Catalyst Control Center Graphics Previews Vista (Version: 2009.0702.1239.20840) Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840) Catalyst Control Center Localization All (Version: 2009.0702.1239.20840) CCC Help Chinese Standard (Version: 2009.0702.1238.20840) CCC Help Chinese 
Traditional (Version: 2009.0702.1238.20840) CCC Help Czech (Version: 2009.0702.1238.20840) CCC Help Danish (Version: 2009.0702.1238.20840) CCC Help Dutch (Version: 2009.0702.1238.20840) CCC Help English (Version: 2009.0702.1238.20840) CCC Help Finnish (Version: 2009.0702.1238.20840) CCC Help French (Version: 2009.0702.1238.20840) CCC Help German (Version: 2009.0702.1238.20840) CCC Help Greek (Version: 2009.0702.1238.20840) CCC Help Hungarian (Version: 2009.0702.1238.20840) CCC Help Italian (Version: 2009.0702.1238.20840) CCC Help Japanese (Version: 2009.0702.1238.20840) CCC Help Korean (Version: 2009.0702.1238.20840) CCC Help Norwegian (Version: 2009.0702.1238.20840) CCC Help Polish (Version: 2009.0702.1238.20840) CCC Help Portuguese (Version: 2009.0702.1238.20840) CCC Help Russian (Version: 2009.0702.1238.20840) CCC Help Spanish (Version: 2009.0702.1238.20840) CCC Help Swedish (Version: 2009.0702.1238.20840) CCC Help Thai (Version: 2009.0702.1238.20840) CCC Help Turkish (Version: 2009.0702.1238.20840) ccc-core-static (Version: 2009.0702.1239.20840) ccc-utility64 (Version: 2009.0702.1239.20840) CCleaner (Version: 3.16) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Copy (Version: 130.0.428.000) Destinations (Version: 130.0.0.0) DeviceDiscovery (Version: 130.0.465.000) dm-Fotowelt DocProc (Version: 13.0.0.0) ElsterFormular (Version: 13.1.0.8394p) ESET Online Scanner v3 eSobi v2 (Version: 2.0.4.000274) Fax (Version: 130.0.418.000) File Uploader (Version: 1.2.1) Foto Paradies FoxTab Music Converter Free M4a to MP3 Converter 7.0 Free PDF to Word Doc Converter v1.1 (Version: 1.1) Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430) FreeStar Free MP3 Splitter 1.0.2 (Version: 1.0.2) GIMP 2.8.2 (Version: 2.8.2) Google Chrome (Version: 28.0.1500.95) Google Earth (Version: 6.2.1.6014) Google Earth (Version: 7.1.1.1888) Google Update Helper (Version: 1.3.21.153) GPBaseService2 (Version: 130.0.371.000) Hotkey Utility (Version: 1.00.3003) 
HP Customer Participation Program 13.0 (Version: 13.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0) HP Photosmart Essential 3.5 (Version: 3.5) HP Smart Web Printing 4.51 (Version: 4.51) HP Solution Center 13.0 (Version: 13.0) HP Update (Version: 5.003.001.001) HPPhotoGadget (Version: 130.0.282.000) HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000) HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000) HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000) hpphotosmartdisclabelplugin (Version: 2.04.0000) HPPhotosmartEssential (Version: 2.04.0000) HPProductAssistant (Version: 130.0.371.000) HPSSupply (Version: 130.0.371.000) Identity Card (Version: 1.00.3001) ImagXpress (Version: 7.0.74.0) IrfanView (remove only) (Version: 4.36) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (Version: 7.0.250) JDownloader 0.9 (Version: 0.9) Junk Mail filter update (Version: 14.0.8117.416) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MarketResearch (Version: 130.0.374.000) McAfee Security Scan Plus (Version: 3.0.318.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (Version: 12.0.6612.1000) Microsoft Office O MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office 
PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (Version: 2.9) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) Mozilla Thunderbird 11.0 (x86 de) (Version: 11.0) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MyWinLocker (Version: 3.1.72.0) Nero 9 Essentials Nero ControlCenter (Version: 9.0.0.1) Nero DiscSpeed (Version: 5.4.7.201) Nero DiscSpeed Help (Version: 5.4.4.100) Nero DriveSpeed (Version: 4.4.7.201) Nero DriveSpeed Help (Version: 4.4.4.100) Nero Express Help (Version: 9.4.9.100) Nero InfoTool (Version: 6.4.7.201) Nero InfoTool Help (Version: 6.4.4.100) Nero Installer (Version: 4.4.8.1) Nero Online Upgrade (Version: 1.3.0.0) Nero StartSmart (Version: 9.4.11.209) Nero StartSmart Help (Version: 9.4.1.100) Nero StartSmart OEM (Version: 9.16.0.100) NeroExpress (Version: 9.4.10.505) neroxml (Version: 1.0.0) Network64 (Version: 130.0.572.000) Nikon Message Center (Version: 0.92.000) Nikon Transfer (Version: 1.5.0) NVIDIA Drivers (Version: 1.7) NVIDIA ForceWare Network Access Manager (Version: 1.00.7305) OCR Software by I.R.I.S. 
13.0 (Version: 13.0) OpenOffice.org 3.3 (Version: 3.3.9567) PDFCreator (Version: 1.0.1) Photo Frames & Effects Free 1.12 (Version: 1.12) Picasa 3 (Version: 3.9) Picture Control Utility (Version: 1.1.6) PixiePack Codec Pack (Version: 0.10.6.0) PS_AIO_02_ProductContext (Version: 130.0.365.000) PS_AIO_02_Software (Version: 130.0.365.000) PS_AIO_02_Software_Min (Version: 130.0.365.000) QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.5898) Scan (Version: 13.0.0.0) Shop for HP Supplies (Version: 13.0) SmartPCFixer 4.2 (Version: 4.2) SmartWebPrinting (Version: 130.0.457.000) SolutionCenter (Version: 130.0.373.000) Spybot - Search & Destroy (Version: 1.6.2) Status (Version: 130.0.469.000) SUPERAntiSpyware (Version: 5.0.1146) Toolbox (Version: 130.0.648.000) TrayApp (Version: 130.0.422.000) Uncompressor UnloadSupport (Version: 11.0.0) Unlocker 1.9.1 (Version: 1.9.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) ViewNX (Version: 1.4.0) Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623) Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.0 (Version: 2.0.0) WD SmartWare (Version: 1.4.1.1) WebReg (Version: 130.0.132.017) Welcome Center (Version: 1.00.3004) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call 
(Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Fotogalerie (Version: 14.0.8117.416) Windows Live Mail (Version: 14.0.8117.0416) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live Sync (Version: 14.0.8117.416) Windows Live Writer (Version: 14.0.8117.0416) Windows Live-Uploadtool (Version: 14.0.8014.1029) WISO Sparbuch 2010 (Version: 17.03.6583) WISO Steuer-Sparbuch 2011 (Version: 18.00.6928) WISO Steuer-Sparbuch 2012 (Version: 19.00.7303) WISO Steuer-Sparbuch 2013 (Version: 20.00.8137) ========================= Memory info: =================================== Percentage of memory in use: 37% Total physical RAM: 3070.55 MB Available physical RAM: 1919.12 MB Total Pagefile: 6139.29 MB Available Pagefile: 4180.25 MB Total Virtual: 4095.88 MB Available Virtual: 3946.29 MB ========================= Partitions: ===================================== 1 Drive c: (Acer) (Fixed) (Total:290.22 GB) (Free:182.37 GB) NTFS 2 Drive d: (DATA) (Fixed) (Total:290.22 GB) (Free:289.98 GB) NTFS 4 Drive f: (CRUZER) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT 5 Drive g: (My Book) (Fixed) (Total:931.48 GB) (Free:759.85 GB) NTFS ========================= Users: ======================================== Benutzerkonten fr \\SCHORSCH Admin neu Administrator Gast Peter_2 Ruth Der Befehl wurde erfolgreich ausgefhrt. ========================= Minidump Files ================================== No minidump file found **** End of log **** Mariheli |
19.08.2013, 16:41 | #10 |
/// the machine /// TB trainer | Admin profile no longer there - Widgi Toolbar Our tools must always be run with admin rights. Please download Windows Repair (All In One) from here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
19.08.2013, 17:17 | #11 |
| Admin profile no longer there - Widgi Toolbar Hello Schrauber, after "Check disk - do it" the following error message appears: "Execute processes remotely has stopped working" and the following problem signature: Code:
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: psexec.exe
Anwendungsversion: 1.98.0.0
Anwendungszeitstempel: 4bd62e9f
Fehlermodulname: psexec.exe
Fehlermodulversion: 1.98.0.0
Fehlermodulzeitstempel: 4bd62e9f
Ausnahmecode: c0000005
Ausnahmeoffset: 00002b46
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 0a9e
Zusatzinformation 2: 0a9e372d3b4ad19135b953a78882e789
Zusatzinformation 3: 0a9e
Zusatzinformation 4: 0a9e372d3b4ad19135b953a78882e789
Lesen Sie unsere Datenschutzbestimmungen online: hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407
Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline: C:\Windows\system32\de-DE\erofflps.txt |
20.08.2013, 11:26 | #12 |
/// the machine /// TB trainer | Admin profile no longer there - Widgi Toolbar Skip that; the most important part is the last step, where you set the checkmarks.
|
20.08.2013, 12:31 | #13 |
| Admin profile no longer there - Widgi Toolbar Hello Schrauber, after "Start repairs" I had to click away the error message "Execute processes remotely has stopped working" about 50 more times, but the program ran through to the end. The logs are below. The internet is working again at any rate, hooray! Do I need to do anything else now? For now, many thanks for your competent and quick help! Code:
ATTFilter Running Repair Under System Account Running Repair Under System Account Running Repair Under System Account Running Repair Under System Account Starting Repairs... Start (20.08.2013 13:13:49) Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (20.08.2013 13:13:49) Running Repair Under Current User Account Done (20.08.2013 13:13:51) Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (20.08.2013 13:13:51) Running Repair Under System Account Done (20.08.2013 13:14:29) Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (20.08.2013 13:14:29) Running Repair Under System Account Done (20.08.2013 13:14:34) Reset File Permissions 01/20 C:\$AVG & Sub Folders Start (20.08.2013 13:14:34) Running Repair Under System Account Done (20.08.2013 13:14:36) Reset File Permissions 02/20 C:\book & Sub Folders Start (20.08.2013 13:14:36) Running Repair Under System Account Done (20.08.2013 13:14:38) Reset File Permissions 03/20 C:\ComboFix & Sub Folders Start (20.08.2013 13:14:38) Running Repair Under System Account Done (20.08.2013 13:14:41) Reset File Permissions 04/20 C:\Config.Msi & Sub Folders Start (20.08.2013 13:14:41) Running Repair Under System Account Done (20.08.2013 13:14:43) Reset File Permissions 05/20 C:\Dokumente und Einstellungen & Sub Folders Start (20.08.2013 13:14:43) Running Repair Under System Account Done (20.08.2013 13:14:46) Reset File Permissions 06/20 C:\FRST & Sub Folders Start (20.08.2013 13:14:46) Running Repair Under System Account Done (20.08.2013 13:14:48) Reset File Permissions 07/20 C:\Medion & Sub Folders Start (20.08.2013 13:14:48) Running Repair Under System Account Done (20.08.2013 13:14:55) Reset File Permissions 08/20 C:\MSOCache & Sub Folders Start (20.08.2013 13:14:55) Running Repair Under System Account Done (20.08.2013 13:14:57) Reset File Permissions 09/20 C:\OEM & Sub Folders Start (20.08.2013 13:14:57) Running Repair Under System Account Done (20.08.2013 13:15:00) Reset File 
Permissions 10/20 C:\PerfLogs & Sub Folders Start (20.08.2013 13:15:00) Running Repair Under System Account Done (20.08.2013 13:15:02) Reset File Permissions 11/20 C:\Program Files & Sub Folders Start (20.08.2013 13:15:02) Running Repair Under System Account Done (20.08.2013 13:15:05) Reset File Permissions 12/20 C:\Program Files (x86) & Sub Folders Start (20.08.2013 13:15:05) Running Repair Under System Account Done (20.08.2013 13:15:07) Reset File Permissions 13/20 C:\ProgramData & Sub Folders Start (20.08.2013 13:15:07) Running Repair Under System Account Done (20.08.2013 13:15:12) Reset File Permissions 14/20 C:\Programme & Sub Folders Start (20.08.2013 13:15:12) Running Repair Under System Account Done (20.08.2013 13:15:14) Reset File Permissions 15/20 C:\Qoobox & Sub Folders Start (20.08.2013 13:15:14) Running Repair Under System Account Done (20.08.2013 13:15:17) Reset File Permissions 16/20 C:\Recovery & Sub Folders Start (20.08.2013 13:15:17) Running Repair Under System Account Done (20.08.2013 13:15:19) Reset File Permissions 17/20 C:\RegBackup & Sub Folders Start (20.08.2013 13:15:19) Running Repair Under System Account Done (20.08.2013 13:15:22) Reset File Permissions 18/20 C:\TEMP & Sub Folders Start (20.08.2013 13:15:22) Running Repair Under System Account Done (20.08.2013 13:15:24) Reset File Permissions 19/20 C:\Wiederherstellung & Sub Folders Start (20.08.2013 13:15:24) Running Repair Under System Account Done (20.08.2013 13:15:27) Reset File Permissions 20/20 C:\Windows & Sub Folders Start (20.08.2013 13:15:27) Running Repair Under System Account Done (20.08.2013 13:15:29) Reset File Permissions 01/04 D:\$AVG & Sub Folders Start (20.08.2013 13:15:29) Running Repair Under System Account Done (20.08.2013 13:15:32) Reset File Permissions 02/04 D:\640abde048c27a067ffcdea44b & Sub Folders Start (20.08.2013 13:15:32) Running Repair Under System Account Done (20.08.2013 13:15:34) Reset File Permissions 03/04 D:\6f06ab122222a4551a68d6be59cfc62d & Sub 
Folders Start (20.08.2013 13:15:34) Running Repair Under System Account Done (20.08.2013 13:15:36) Reset File Permissions 04/04 D:\af861f6f6c33c040c220c54112dd1e96 & Sub Folders Start (20.08.2013 13:15:37) Running Repair Under System Account Done (20.08.2013 13:15:41) Reset File Permissions 01/10 G:\$AVG & Sub Folders Start (20.08.2013 13:15:41) Running Repair Under System Account Done (20.08.2013 13:15:44) Reset File Permissions 02/10 G:\Datensicherung manuell & Sub Folders Start (20.08.2013 13:15:44) Running Repair Under System Account Done (20.08.2013 13:15:46) Reset File Permissions 03/10 G:\Extras & Sub Folders Start (20.08.2013 13:15:46) Running Repair Under System Account Done (20.08.2013 13:15:48) Reset File Permissions 04/10 G:\kl.files & Sub Folders Start (20.08.2013 13:15:48) Running Repair Under System Account Done (20.08.2013 13:15:51) Reset File Permissions 05/10 G:\SCHORSCH & Sub Folders Start (20.08.2013 13:15:51) Running Repair Under System Account Done (20.08.2013 13:15:53) Reset File Permissions 06/10 G:\User Manuals & Sub Folders Start (20.08.2013 13:15:53) Running Repair Under System Account Done (20.08.2013 13:15:56) Reset File Permissions 07/10 G:\WD SmartWare & Sub Folders Start (20.08.2013 13:15:56) Running Repair Under System Account Done (20.08.2013 13:15:58) Reset File Permissions 08/10 G:\WD SmartWare for Mac & Sub Folders Start (20.08.2013 13:15:58) Running Repair Under System Account Done (20.08.2013 13:16:01) Reset File Permissions 09/10 G:\WD SmartWare.swstor & Sub Folders Start (20.08.2013 13:16:01) Running Repair Under System Account Done (20.08.2013 13:16:26) Reset File Permissions 10/10 G:\WindowsImageBackup & Sub Folders Start (20.08.2013 13:16:26) Running Repair Under System Account Done (20.08.2013 13:16:29) Reset File Permissions: Cleanup & Sub Folders Start (20.08.2013 13:16:29) Running Repair Under System Account Done (20.08.2013 13:16:31) Repair WMI Start (20.08.2013 13:16:31) Running Repair Under Current User Account 
Ungltiger globaler Parameter. Ungltiger globaler Parameter. Running Repair Under System Account Done (20.08.2013 13:17:58) Repair Windows Firewall Start (20.08.2013 13:17:58) Running Repair Under Current User Account Gemeinsame Nutzung der Internetverbindung ist nicht gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben. Gemeinsame Nutzung der Internetverbindung konnte nicht gestartet werden. Der Dienst hat keinen Fehler gemeldet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3534 eingeben. Running Repair Under System Account Done (20.08.2013 13:18:20) Repair Internet Explorer Start (20.08.2013 13:18:20) Running Repair Under Current User Account Running Repair Under System Account Done (20.08.2013 13:18:37) Remove Policies Set By Infections Start (20.08.2013 13:18:37) Running Repair Under Current User Account Running Repair Under System Account Done (20.08.2013 13:18:42) Repair Winsock & DNS Cache Start (20.08.2013 13:18:42) Running Repair Under Current User Account Running Repair Under System Account Done (20.08.2013 13:18:55) Repair Proxy Settings Start (20.08.2013 13:18:55) Running Repair Under Current User Account Running Repair Under System Account Done (20.08.2013 13:19:00) Repair Windows Updates Start (20.08.2013 13:19:00) Running Repair Under Current User Account Das System kann die angegebene Datei nicht finden. Running Repair Under System Account Kryptografiedienste ist nicht gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben. Intelligenter Hintergrundbertragungsdienst ist nicht gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben. Windows Update ist nicht gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben. Das System kann die angegebene Datei nicht finden. 
Done (20.08.2013 13:19:29) Set Windows Services To Default Startup Start (20.08.2013 13:19:29) Running Repair Under Current User Account Running Repair Under System Account Done (20.08.2013 13:19:38) Cleaning up empty logs... All Selected Repairs Done. Done (20.08.2013 13:19:38) Total Repair Time: 00:05:49 ...YOU MUST RESTART YOUR SYSTEM... Running Repair Under System Account Code:
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* : registry key is skipped (contains wildcard)
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard) |
20.08.2013, 13:01 | #14 |
/// the machine /// TB trainer | Admin profile no longer there - Widgi Toolbar ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
|
20.08.2013, 19:03 | #15 |
| Admin profile no longer there - Widgi Toolbar Hello Schrauber, the logs are attached. I no longer have any problems. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01 Ran by Admin neu (administrator) on 20-08-2013 19:57:17 Running from C:\Users\Peter_2\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe () C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM\...\Run: [combofix] - C:\ComboFix\CF30478.3XE /c C:\ComboFix\Combobatch.bat [x] HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\TEMP\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Peter_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17361109sn07973280t95bh781ly15
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin neu\AppData\Roaming\Mozilla\Firefox\Profiles\d6gb0lhc.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-11-24] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-02] (AVG Secure Search)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-02] (AVG Technologies)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2012-01-22] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-20 14:42 - 2013-08-20 14:42 - 00000768 _____ C:\Users\Peter_2\Desktop\checkup.lnk
2013-08-20 14:36 - 2013-08-20 14:36 - 00891115 _____ C:\Users\Peter_2\Desktop\SecurityCheck.exe
2013-08-20 14:35 - 2013-08-20 14:35 - 02347384 _____ (ESET) C:\Users\Peter_2\Desktop\esetsmartinstaller_enu.exe
2013-08-20 13:43 - 2013-08-20 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 13:18 - 2013-08-20 13:19 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-08-20 13:10 - 2013-08-20 13:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SCHORSCH-Microsoft-Windows-7-Home-Premium-(64-Bit).dat
2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\RegBackup
2013-08-19 18:30 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio
2013-08-19 18:13 - 2013-08-19 18:13 - 00013192 _____ C:\Users\Peter\Documents\LOG.odt
2013-08-19 18:06 - 2013-08-20 13:18 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\CrashDumps
2013-08-19 17:56 - 2013-08-19 18:04 - 00000000 ____D C:\Users\Peter_2\Desktop\Tweaking.com - Windows Repair
2013-08-19 17:55 - 2013-08-19 17:48 - 03268369 _____ C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio.zip
2013-08-19 12:44 - 2013-08-19 12:44 - 00003037 _____ C:\Users\Peter_2\FSS.txt
2013-08-19 12:40 - 2013-08-19 12:42 - 00003037 _____ C:\Users\Peter_2\Desktop\FSS.txt
2013-08-19 12:37 - 2013-08-19 12:37 - 00028706 _____ C:\Users\Peter_2\Desktop\Result.txt
2013-08-19 12:36 - 2013-08-19 12:31 - 00760937 _____ (Farbar) C:\Users\Peter_2\Desktop\MiniToolBox.exe
2013-08-19 12:36 - 2013-08-19 12:31 - 00358507 _____ (Farbar) C:\Users\Peter_2\Desktop\FSS.exe
2013-08-18 18:23 - 2013-08-18 18:23 - 00002852 _____ C:\Users\Peter_2\Desktop\JRT.txt
2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt
2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 18:10 - 2013-08-18 18:11 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt
2013-08-18 18:10 - 2013-08-18 18:08 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe
2013-08-18 18:10 - 2013-08-18 18:07 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe
2013-08-18 13:41 - 2013-08-18 14:29 - 00000000 ___SD C:\ComboFix
2013-08-18 10:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-18 10:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-18 10:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-18 10:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-18 10:18 - 2013-08-18 11:20 - 00000000 ____D C:\Windows\erdnt
2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox
2013-08-18 10:13 - 2013-08-18 10:14 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip
2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip
2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip
2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe
2013-08-16 17:38 - 2013-08-16 17:46 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt
2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt
2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt
2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe
2013-08-16 17:02 - 2013-08-16 21:31 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:58 - 2013-08-16 16:59 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 - 2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java
2013-08-15 15:49 - 2013-08-15 15:50 - 00028839 _____ C:\AdwCleaner[S1].txt
2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt
2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI
2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe
2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert(1).exe
2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-08-15 14:17 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 14:17 - 2013-07-24 15:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-15 14:17 - 2013-07-24 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 14:17 - 2013-07-24 13:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 14:17 - 2013-07-24 13:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 14:17 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 14:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 14:17 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 14:17 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 14:17 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 14:17 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 14:15 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 14:15 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 14:15 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 14:15 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 14:15 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 14:15 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 14:15 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 14:15 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 14:15 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 14:15 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe
2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero
2013-08-14 18:22 - 2013-08-14 19:24 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla
2013-08-14 15:13 - 2013-08-16 14:40 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe
2013-08-14 14:58 - 2013-08-20 13:21 - 00006706 _____ C:\Windows\PFRO.log
2013-08-14 14:58 - 2013-08-20 13:21 - 00002520 _____ C:\Windows\setupact.log
2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes
2013-08-14 13:09 - 2013-08-14 13:10 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView
2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 18:31 - 2013-08-18 17:31 - 00000000 ____D C:\Users\Admin neu
2013-08-12 18:31 - 2013-08-18 10:15 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\VirtualStore
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI
2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer
2013-08-12 18:31 - 2012-10-13 10:07 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\TuneUp Software
2013-08-12 18:31 - 2009-11-22 22:55 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Microsoft Help
2013-08-12 18:31 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-12 18:31 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-11 09:28 - 2013-08-11 09:29 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe
2013-08-03 20:11 - 2013-08-12 11:19 - 00000000 ____D C:\Users\Ruth\Rauhenzell
2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk
2013-07-27 12:28 - 2013-08-15 16:28 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-20 19:57 - 2013-07-04 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-20 19:17 - 2012-03-31 17:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 19:04 - 2012-03-15 22:36 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004UA.job
2013-08-20 19:04 - 2009-12-10 21:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 14:42 - 2013-08-20 14:42 - 00001038 _____ C:\Users\Peter\checkup.txt
2013-08-20 14:42 - 2013-08-20 14:42 - 00000768 _____ C:\Users\Peter_2\Desktop\checkup.lnk
2013-08-20 14:42 - 2009-11-21 14:10 - 00000000 ____D C:\Users\Peter
2013-08-20 14:36 - 2013-08-20 14:36 - 00891115 _____ C:\Users\Peter_2\Desktop\SecurityCheck.exe
2013-08-20 14:36 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-20 14:36 - 2006-10-10 10:57 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-20 14:36 - 2006-10-10 10:57 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-20 14:35 - 2013-08-20 14:35 - 02347384 _____ (ESET) C:\Users\Peter_2\Desktop\esetsmartinstaller_enu.exe
2013-08-20 13:43 - 2013-08-20 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 13:26 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 13:26 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 13:26 - 2006-10-10 01:06 - 02051438 _____ C:\Windows\WindowsUpdate.log
2013-08-20 13:21 - 2013-08-14 14:58 - 00006706 _____ C:\Windows\PFRO.log
2013-08-20 13:21 - 2013-08-14 14:58 - 00002520 _____ C:\Windows\setupact.log
2013-08-20 13:21 - 2013-06-04 19:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-08-20 13:21 - 2009-12-10 21:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 13:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 13:19 - 2013-08-20 13:18 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-08-20 13:18 - 2013-08-19 18:06 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\CrashDumps
2013-08-20 13:18 - 2009-07-14 04:34 - 00000581 _____ C:\Windows\win.ini
2013-08-20 13:10 - 2013-08-20 13:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SCHORSCH-Microsoft-Windows-7-Home-Premium-(64-Bit).dat
2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\RegBackup
2013-08-20 11:24 - 2010-11-16 18:30 - 00000000 ____D C:\ProgramData\MFAData
2013-08-19 18:30 - 2013-08-19 18:30 - 00000000 ____D C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio
2013-08-19 18:13 - 2013-08-19 18:13 - 00013192 _____ C:\Users\Peter\Documents\LOG.odt
2013-08-19 18:04 - 2013-08-19 17:56 - 00000000 ____D C:\Users\Peter_2\Desktop\Tweaking.com - Windows Repair
2013-08-19 17:48 - 2013-08-19 17:55 - 03268369 _____ C:\Users\Peter_2\Desktop\tweaking.com_windows_repair_aio.zip
2013-08-19 12:44 - 2013-08-19 12:44 - 00003037 _____ C:\Users\Peter_2\FSS.txt
2013-08-19 12:44 - 2011-02-06 19:30 - 00000000 ____D C:\Users\Peter_2
2013-08-19 12:42 - 2013-08-19 12:40 - 00003037 _____ C:\Users\Peter_2\Desktop\FSS.txt
2013-08-19 12:37 - 2013-08-19 12:37 - 00028706 _____ C:\Users\Peter_2\Desktop\Result.txt
2013-08-19 12:31 - 2013-08-19 12:36 - 00760937 _____ (Farbar) C:\Users\Peter_2\Desktop\MiniToolBox.exe
2013-08-19 12:31 - 2013-08-19 12:36 - 00358507 _____ (Farbar) C:\Users\Peter_2\Desktop\FSS.exe
2013-08-18 18:23 - 2013-08-18 18:23 - 00002852 _____ C:\Users\Peter_2\Desktop\JRT.txt
2013-08-18 18:23 - 2012-02-21 14:43 - 00000000 ____D C:\Users\Peter_2\Documents\Mein Steuer-Sparbuch Heute
2013-08-18 18:22 - 2013-08-18 18:22 - 00002852 _____ C:\Users\Admin neu\Desktop\JRT.txt
2013-08-18 18:18 - 2013-08-18 18:18 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 18:11 - 2013-08-18 18:10 - 00001651 _____ C:\Users\Peter_2\Desktop\AdwCleaner[S2].txt
2013-08-18 18:08 - 2013-08-18 18:10 - 01018166 _____ (Thisisu) C:\Users\Peter_2\Desktop\JRT.exe
2013-08-18 18:07 - 2013-08-18 18:10 - 00666633 _____ C:\Users\Peter_2\Desktop\adwcleaner.exe
2013-08-18 17:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu
2013-08-18 17:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 14:29 - 2013-08-18 13:41 - 00000000 ___SD C:\ComboFix
2013-08-18 11:20 - 2013-08-18 10:18 - 00000000 ____D C:\Windows\erdnt
2013-08-18 11:17 - 2011-02-15 13:38 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\Adobe
2013-08-18 11:04 - 2012-03-15 22:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1347085348-892770594-766104875-1004Core.job
2013-08-18 10:18 - 2013-08-18 10:18 - 00000000 ____D C:\Qoobox
2013-08-18 10:15 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Avg2013
2013-08-18 10:14 - 2013-08-18 10:13 - 05105390 ____R (Swearware) C:\Users\Peter_2\Desktop\ComboFix.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-17 19:35 - 2013-08-17 19:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-17 19:35 - 2012-09-05 19:03 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-17 19:35 - 2010-05-26 18:19 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-16 21:31 - 2013-08-16 17:02 - 00030507 _____ C:\Users\Peter_2\Desktop\Addition.txt
2013-08-16 18:43 - 2013-08-16 18:43 - 00008767 _____ C:\Users\Peter_2\Desktop\FRST.zip
2013-08-16 18:43 - 2013-08-16 18:43 - 00007509 _____ C:\Users\Peter_2\Desktop\Addition.zip
2013-08-16 18:42 - 2013-08-16 18:42 - 00004026 _____ C:\Users\Peter_2\Desktop\gmer.zip
2013-08-16 18:38 - 2013-08-16 18:38 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-16 18:37 - 2013-08-16 18:37 - 01110476 _____ C:\Users\Peter\Downloads\7z920.exe
2013-08-16 17:46 - 2013-08-16 17:38 - 00000803 _____ C:\Users\Peter_2\Desktop\SpybotSD.Results.txt
2013-08-16 17:38 - 2013-08-16 17:38 - 00317787 _____ C:\Users\Peter\Desktop\SpybotSD.Results.txt
2013-08-16 17:19 - 2013-08-16 17:19 - 00051796 _____ C:\Users\Peter_2\Desktop\gmer.txt
2013-08-16 17:04 - 2013-08-16 17:04 - 00377856 _____ C:\Users\Peter_2\Desktop\gmer_2.1.19163.exe
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\FRST
2013-08-16 17:00 - 2013-08-16 17:00 - 01575798 _____ (Farbar) C:\Users\Peter_2\Desktop\FRST64.exe
2013-08-16 16:59 - 2013-08-16 16:58 - 00000480 _____ C:\Users\Peter_2\Desktop\defogger_disable.log
2013-08-16 16:58 - 2013-08-16 16:58 - 00000000 _____ C:\Users\Admin neu\defogger_reenable
2013-08-16 16:56 - 2013-08-16 16:56 - 00050477 _____ C:\Users\Peter_2\Desktop\Defogger.exe
2013-08-16 14:40 - 2013-08-16 14:40 - 00001999 _____ C:\Users\Peter_2\Desktop\Avira DE-Cleaner.lnk
2013-08-16 14:40 - 2013-08-14 15:13 - 00002070 _____ C:\Users\Peter_2\Desktop\Entfernen des Avira DE-Cleaners.lnk
2013-08-16 13:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 16:28 - 2013-07-27 12:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:26 - 2009-11-29 10:58 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2013-08-15 15:59 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-15 15:59 - 2009-08-14 20:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-15 15:57 - 2009-11-25 00:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-15 15:51 - 2012-03-31 17:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-15 15:51 - 2012-03-31 17:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 15:51 - 2011-06-02 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-15 15:50 - 2013-08-15 15:50 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-15 15:50 - 2013-08-15 15:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-15 15:50 -
2013-08-15 15:50 - 00000000 ____D C:\Program Files\Java 2013-08-15 15:50 - 2013-08-15 15:49 - 00028839 _____ C:\AdwCleaner[S1].txt 2013-08-15 15:50 - 2012-09-05 19:02 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-15 15:50 - 2012-03-12 17:59 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-15 15:48 - 2013-08-15 15:48 - 00028558 _____ C:\AdwCleaner[R1].txt 2013-08-15 15:47 - 2013-08-15 15:47 - 00618912 _____ (www.download-sponsor.de) C:\Users\Peter\Downloads\adwcleaner_2.306.exe 2013-08-15 15:47 - 2012-03-09 23:20 - 00000000 ____D C:\Users\Peter_2\AppData\Local\CrashDumps 2013-08-15 15:40 - 2013-08-15 15:40 - 03272136 _____ (Secunia) C:\Users\Peter\Downloads\PSISetup.exe 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Secunia PSI 2013-08-15 15:40 - 2013-08-15 15:40 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\hmpalert.exe 2013-08-15 15:39 - 2013-08-15 15:39 - 01752488 _____ (SurfRight B.V.) 
C:\Users\Peter\Downloads\hmpalert(1).exe 2013-08-15 15:39 - 2013-08-15 15:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert 2013-08-15 14:19 - 2009-11-29 11:23 - 00000000 ____D C:\Users\Peter\Documents\Dokumente Peter 2013-08-15 09:22 - 2012-11-04 22:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-08-14 19:37 - 2012-03-15 23:05 - 00000000 ____D C:\Users\Peter_2\AppData\Roaming\vlc 2013-08-14 19:24 - 2013-08-14 19:24 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Adobe 2013-08-14 19:24 - 2013-08-14 18:22 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Adobe 2013-08-14 19:02 - 2013-08-14 19:02 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Nero 2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Macromedia 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Mozilla 2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Mozilla 2013-08-14 15:13 - 2013-08-14 15:13 - 00883840 _____ C:\Users\Peter\Downloads\Avira-DE-Cleaner.exe 2013-08-14 14:58 - 2013-08-14 14:58 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 14:58 - 2012-03-31 17:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-14 13:13 - 2012-01-22 19:01 - 00000000 ____D C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 2013-08-14 13:13 - 2012-01-22 18:57 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-14 13:13 - 2010-05-12 07:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-14 13:12 - 2013-08-14 13:12 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Malwarebytes 2013-08-14 13:11 - 2009-12-26 11:59 - 00000000 ____D C:\Windows\Minidump 2013-08-14 13:10 - 2013-08-14 13:09 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\IrfanView 2013-08-12 18:35 - 2013-08-12 18:35 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\SUPERAntiSpyware.com 2013-08-12 18:31 - 2013-08-12 18:31 - 00085296 _____ 
C:\Users\ADMINN~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-12 18:31 - 2013-08-12 18:31 - 00001443 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-08-12 18:31 - 2013-08-12 18:31 - 00001409 _____ C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-08-12 18:31 - 2013-08-12 18:31 - 00000020 ___SH C:\Users\Admin neu\ntuser.ini 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Verlauf 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\ADMINN~1\AppData\Local\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Vorlagen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Startmenü 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Netzwerkumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Lokale Einstellungen 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Eigene Dateien 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Druckumgebung 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Musik 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Documents\Eigene Bilder 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 _SHDL C:\Users\Admin neu\Anwendungsdaten 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ___RD C:\Users\Admin neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\Western Digital 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D 
C:\Users\ADMINN~1\AppData\Local\VirtualStore 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\EgisTec 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\ADMINN~1\AppData\Local\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Macromedia 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Canon 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\AVG2013 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\ATI 2013-08-12 18:31 - 2013-08-12 18:31 - 00000000 ____D C:\Users\Admin neu\AppData\Roaming\Apple Computer 2013-08-12 18:09 - 2012-01-08 10:40 - 00000000 ____D C:\Users\Public\Documents\Screensaver 2013-08-12 11:23 - 2011-02-13 21:39 - 00060416 ___SH C:\Users\Ruth\Thumbs.db 2013-08-12 11:23 - 2011-02-06 18:34 - 00000000 ____D C:\Users\Ruth 2013-08-12 11:19 - 2013-08-03 20:11 - 00000000 ____D C:\Users\Ruth\Rauhenzell 2013-08-11 09:29 - 2013-08-11 09:28 - 38171414 _____ C:\Users\Peter\Downloads\yacy_v1.62_20130801_9025(1).exe 2013-08-10 12:04 - 2010-03-28 18:47 - 00001212 _____ C:\Windows\wiso.ini 2013-08-03 19:43 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-03 16:09 - 2011-02-06 23:05 - 00000000 ____D C:\Users\Ruth\Dokumente Ruth 2013-08-02 10:54 - 2013-06-18 20:13 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-08-02 10:53 - 2012-09-04 20:23 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-07-31 11:29 - 2010-03-28 18:47 - 00000000 ____D C:\Users\Peter\Documents\Mein Sparbuch Heute 2013-07-31 11:26 - 2013-07-31 11:26 - 00002419 _____ C:\Users\Peter_2\Desktop\Google Earth.lnk 2013-07-31 11:26 - 2011-02-21 23:51 - 00000000 ____D C:\Users\Peter_2\AppData\Local\Google 2013-07-30 18:30 - 2011-07-18 19:25 - 00003226 _____ C:\Users\Ruth\AppData\Roaming\wklnhst.dat 2013-07-30 18:16 - 
2012-10-04 19:28 - 00000985 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-30 18:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-25 11:25 - 2013-08-15 14:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-15 14:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 15:40 - 2013-08-15 14:17 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-24 15:40 - 2013-08-15 14:17 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-24 15:14 - 2013-08-15 14:17 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 
2013-07-24 15:14 - 2013-08-15 14:17 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-24 15:14 - 2013-08-15 14:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 13:43 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 13:23 - 2013-08-15 14:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 17:01

==================== End Of Log ============================

--- --- ---

Code:
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.75.0.1300
AVG PC Tuneup 2011
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox 22.0 Firefox out of Date!
Mozilla Thunderbird 11.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dcf938388112bf4d8e6e413f99bc5799
# engine=14839
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 12:42:49
# local_time=2013-08-20 02:42:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 160704 64136553 0 0
# compatibility_mode=5893 16776574 100 94 3350024 128632419 0 0
# scanned=2315
# found=0
# cleaned=0
# scan_time=265
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dcf938388112bf4d8e6e413f99bc5799
# engine=14839
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 04:57:18
# local_time=2013-08-20 06:57:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 175973 64151822 0 0
# compatibility_mode=5893 16776574 100 94 3365293 128647688 0 0
# scanned=327714
# found=1
# cleaned=0
# scan_time=15239
sh=69DB0B090040ED226A7E8B6B1A1211230362FEC7 ft=0 fh=0000000000000000 vn="Win32/Adware.Gator.Trickler application" ac=I fn="G:\SCHORSCH\Backup Set 2011-02-18 184300\Backup Files 2011-02-18 184300\Backup files 2.zip"

Mariheli |