| |
| |||||||
Log-Analyse und Auswertung: DirtyDecrypt über den BKA Trojaner eingefangen ransomwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.08.2013, 16:41
| #1 |
| |  DirtyDecrypt über den BKA Trojaner eingefangen ransomware Leider bin ich auch betroffen von dem Trojaner. Bilder und pdf's und txt-dateien sind nicht mehr zu öffnen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by Acer (administrator) on 18-08-2013 16:16:33
Running from C:\Users\Acer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(The Creative Engine) C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxctcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Intel iPOS v5\cadservice.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dropbox, Inc.) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll [31744 2006-06-07] (Lexmark International Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Autostart Intel iPOS v5.lnk
ShortcutTarget: Autostart Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe (The Creative Engine)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intel iPOS v5.lnk
ShortcutTarget: Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273610108015l0414z1h5v47522898
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=36a870f90000000000004c0f6e8a23f2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=36a870f90000000000004c0f6e8a23f2
SearchScopes: HKCU - {5251C588-FB0C-4B59-A677-F85A83601B24} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=crm&q={searchTerms}&locale=&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=ca619883-703a-4491-8c61-e5f4e63a5214&apn_sauid=5ABCA223-C9A4-48CC-9301-40F2D59F3D3D
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}.xpi
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\staged
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-11] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [546304 2006-07-13] ( )
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 TCE CAD Service; C:\Program Files (x86)\Intel iPOS v5\cadservice.exe [25600 2010-09-02] ()
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
==================== Drivers (Whitelisted) ====================
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-02-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-19] (Avira Operations GmbH & Co. KG)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [236160 2011-10-25] (Conexant Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-02-02] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-19] ()
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-15] (PC Tools)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 ancr110a; C:\Windows\System32\Drivers\ancr110a.sys [0 ] (Microsoft Corporation)
S3 cpuz132; \??\C:\Users\Acer\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 cpuz134; \??\C:\Users\Acer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-18 15:56 - 2013-08-18 15:58 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:09 - 2013-08-18 15:11 - 02816072 _____ (LionSea SoftWare ) C:\Users\Acer\Downloads\setup.exe
2013-08-17 17:20 - 2013-08-18 14:14 - 00000538 _____ C:\Windows\setupact.log
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 20:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 20:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 20:40 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 20:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 20:40 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 20:40 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:51 - 2013-08-18 14:15 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:31 - 2013-08-15 19:34 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:17 - 2013-08-15 19:29 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:09 - 2013-08-17 17:41 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 13:11 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:11 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 13:11 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 13:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 13:11 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:10 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:10 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 13:10 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:10 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 13:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 12:36 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 10:59 - 2013-08-15 12:23 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dirty
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
2013-08-14 20:31 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-10 16:42 - 2013-08-10 16:44 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
==================== One Month Modified Files and Folders =======
2013-08-18 16:16 - 2013-08-18 16:16 - 00000000 ____D C:\FRST
2013-08-18 15:59 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-18 15:59 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 15:58 - 2013-08-18 15:56 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:18 - 2011-03-19 20:53 - 00000000 ____D C:\Users\Acer\Documents\Mein Steuer-Sparbuch Heute
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:11 - 2013-08-18 15:09 - 02816072 _____ (LionSea SoftWare ) C:\Users\Acer\Downloads\setup.exe
2013-08-18 14:29 - 2011-09-13 20:13 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-08-18 14:19 - 2012-06-14 21:24 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-08-18 14:17 - 2010-12-29 04:39 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8601232D-346E-4210-9E27-41844A6A0A23}
2013-08-18 14:15 - 2013-08-15 19:51 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-18 14:14 - 2013-08-17 17:20 - 00000538 _____ C:\Windows\setupact.log
2013-08-18 14:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 08:31 - 2011-09-11 13:51 - 01561742 _____ C:\Windows\WindowsUpdate.log
2013-08-18 08:28 - 2011-04-25 16:28 - 00000000 ____D C:\Program Files\Lx_cats
2013-08-17 22:33 - 2010-12-19 15:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-08-17 17:41 - 2013-08-15 18:09 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 00:17 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-15 20:37 - 2010-09-14 15:47 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-15 20:37 - 2010-09-14 15:47 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-15 20:37 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 20:35 - 2013-08-14 20:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:30 - 2010-12-29 15:19 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:51 - 2010-10-30 18:12 - 00000000 ____D C:\Users\Acer
2013-08-15 19:34 - 2013-08-15 19:31 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:34 - 2012-12-31 14:45 - 00001027 _____ C:\Windows\wininit.ini
2013-08-15 19:34 - 2010-10-30 18:15 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-15 19:29 - 2013-08-15 19:17 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 12:36 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-15 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-15 12:23 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dirty
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:35 - 2010-10-30 18:15 - 00000000 ____D C:\Users\Acer\AppData\Local\EgisTec IPS
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
2013-08-10 16:57 - 2011-07-14 18:43 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-10 16:57 - 2010-12-26 13:48 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 16:44 - 2013-08-10 16:42 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-08-10 16:31 - 2010-12-06 01:34 - 00000000 ____D C:\Users\Acer\Desktop\Programme
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
2013-07-26 07:13 - 2013-08-15 20:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 20:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 20:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 20:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 20:40 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 20:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 13:10 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 13:10 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-19 03:58 - 2013-08-15 13:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 13:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
Files to move or delete:
====================
C:\ProgramData\ldsw_0paos.pad
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-14 16:44
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2013
Ran by Acer at 2013-08-18 16:17:49
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1735.41615)
Acer Backup Manager (x32 Version: 2.0.0.68)
Acer Crystal Eye webcam (x32 Version: 1.0.4.0)
Acer ePower Management (x32 Version: 5.00.3005)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer GameZone Console (x32 Version: 6.1.0.9)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0707.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Airport Mania First Flight (x32)
Amazon Kindle (HKCU)
Amazonia (x32)
Anno 1404 (x32 Version: 1.00.0000)
ANNO 1404 (x32 Version: 1.03.0000)
ATI Catalyst Install Manager (Version: 3.0.778.0)
AutoUpdate (x32 Version: 1.1)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Babylon toolbar on IE (x32)
Backup Manager Basic (x32 Version: 2.0.0.68)
Becker Content Manager (x32 Version: 1.5.1807.0)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Cake Mania (x32)
calibre (x32 Version: 0.9.6)
Camera Window DS (x32 Version: 5.1)
Camera Window DVC (x32 Version: 5.1)
Camera Window MC (x32 Version: 5.1)
Canon Camera Support Core Library (x32 Version: 7.2.0.4)
Canon Camera WIA Driver (x32 Version: 5.6)
Canon Camera Window DS for ZoomBrowser EX (x32 Version: 5.1)
Canon Camera Window DVC for ZoomBrowser EX (x32 Version: 5.1)
Canon Camera Window for ZoomBrowser EX (x32 Version: 5.1)
Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber (x32 Version: 5.6)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.3.4)
Canon PhotoRecord (x32 Version: 02.02.01000)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.0)
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.1)
Canon Utilities Digital Photo Professional 1.6.1 (x32 Version: 1.6.1)
Canon Utilities EOS Capture 1.3 (x32 Version: 1.3)
Canon Utilities PhotoStitch 3.1 (x32 Version: 3.1.14)
Canon ZoomBrowser EX (x32 Version: 5.00.0000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909)
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909)
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909)
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909)
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909)
CCC Help Czech (x32 Version: 2010.0527.1241.20909)
CCC Help Danish (x32 Version: 2010.0527.1241.20909)
CCC Help Dutch (x32 Version: 2010.0527.1241.20909)
CCC Help English (x32 Version: 2010.0527.1241.20909)
CCC Help Finnish (x32 Version: 2010.0527.1241.20909)
CCC Help French (x32 Version: 2010.0527.1241.20909)
CCC Help German (x32 Version: 2010.0527.1241.20909)
CCC Help Greek (x32 Version: 2010.0527.1241.20909)
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909)
CCC Help Italian (x32 Version: 2010.0527.1241.20909)
CCC Help Japanese (x32 Version: 2010.0527.1241.20909)
CCC Help Korean (x32 Version: 2010.0527.1241.20909)
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909)
CCC Help Polish (x32 Version: 2010.0527.1241.20909)
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909)
CCC Help Russian (x32 Version: 2010.0527.1241.20909)
CCC Help Spanish (x32 Version: 2010.0527.1241.20909)
CCC Help Swedish (x32 Version: 2010.0527.1241.20909)
CCC Help Thai (x32 Version: 2010.0527.1241.20909)
CCC Help Turkish (x32 Version: 2010.0527.1241.20909)
ccc-core-static (x32 Version: 2010.0527.1242.20909)
ccc-utility64 (Version: 2010.0527.1242.20909)
CDBurnerXP (Version: 4.3.8.2568)
CDBurnerXP (x32 Version: 4.4.2.3442)
Content Manager 2 (x32 Version: 2.2.1.9986)
CyberLink Power2Go (x32 Version: 7.0.0.1906)
CyberLink PowerDirector (x32 Version: 8.0.3224a)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50)
CyberLink PowerProducer (x32 Version: 5.0.2.4230)
DAEMON Tools Toolbar (x32 Version: 1.1.2.0185)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Die Vorsorgemappe (x32)
DivX Codec (x32 Version: 6.8.2)
DivX Player (x32 Version: 6.7.0)
Drakensang - Am Fluss der Zeit (x32)
Dream Day First Home (x32)
Dropbox (HKCU Version: 2.2.13)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
EA Installer (x32 Version: 2.3.0.74)
eaner (Version: 4.04)
eSobi v2 (x32 Version: 2.0.4.000274)
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
Falk Navi-Manager (x32 Version: 1.3.0.221)
Falk Navi-Manager (x32 Version: 2.8.0)
Farm Frenzy 2 (x32)
FaxRedist (x32 Version: 1.0.0)
Firebird SQL Server - MAGIX Edition (D) (x32 Version: 2.0.0.1)
FoxTab PDF Creator (HKCU)
Free YouTube to MP3 Converter version 3.10.14.1206 (x32)
FUSSBALL MANAGER 11 (x32)
Galapago (x32)
Google Earth (x32 Version: 6.2.0.5905)
Haufe Formular-Manager (x32 Version: 2.4.1.0)
Heroes of Hellas (x32)
Identity Card (x32 Version: 1.00.3003)
Intel iPOS v5 (x32 Version: 5.0.48)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Internet Library (x32 Version: 1.3.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Launch Manager (x32 Version: 4.0.12)
Lexmark 5400 Series
Lexmark Symbolleiste (x32)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MD86364 Driver Install x64 (x32 Version: 6.11.615.0)
MediaManager (x32 Version: 3.0.49)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XML Parser (x32 Version: 8.0.7820.0)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCMergeModules (x32 Version: 1.0.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.212.0)
MyWinLocker Suite (x32 Version: 3.1.212.0)
Naviextras Toolbox Prerequesities (x32 Version: 1.0.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.69.0)
Nokia Software Updater (x32 Version: 02.06.006.44298)
Nokia Suite (x32 Version: 3.3.89.0)
NTI Media Maker 9 (x32 Version: 9.0.2.8928)
PC Connectivity Solution (x32 Version: 11.5.29.0)
PhotoStitch (x32 Version: 3.1.14)
Poker Pop (x32)
PX Profile Update (x32 Version: 1.00.1.)
RAW Image Task 2.0 (x32 Version: 2.0)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
RemoteCapture Task 1.1 (x32 Version: 1.1)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 5.10 (x32 Version: 5.10.116)
Spin & Win (x32)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
ThreatFire (x32)
Twonky Windows Components (x32 Version: 3.0.2)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VirtualCloneDrive (x32)
Welcome Center (x32 Version: 1.02.3002)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WISO Steuer-Sparbuch 2011 (x32 Version: 18.00.6928)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (HKCU Version: 20.00.8137)
==================== Restore Points =========================
12-07-2013 19:01:07 Windows Update
14-08-2013 14:51:51 Geplanter Prüfpunkt
14-08-2013 18:30:00 Windows Update
15-08-2013 10:23:04 Avira Free Antivirus - 15.08.2013 12:23
15-08-2013 10:29:20 Wiederherstellungsvorgang
15-08-2013 18:29:17 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {22839EE6-9392-48C2-A543-BFAD399D2753} - System32\Tasks\{516FEFF2-E394-4C12-A022-FE3C80E6D34D} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-16] (Mozilla Corporation)
Task: {467935B5-FB44-407E-B06C-48A98B992813} - \DealPlyUpdate No Task File
Task: {71306498-1065-46BA-B594-9717EF85ABBF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {B37CF629-5B6D-4BA8-9BC6-510654AA8D03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {C4F7F514-BA1E-4DD1-95BC-C54F79F43613} - System32\Tasks\{50272101-21B3-4941-9A8F-4D81AFA6C497} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-16] (Mozilla Corporation)
Task: {C9BB258B-AF27-4AF7-B374-CA2768AAEC84} - System32\Tasks\User_Feed_Synchronization-{8601232D-346E-4210-9E27-41844A6A0A23} => C:\Windows\system32\msfeedssync.exe [2013-03-13] (Microsoft Corporation)
Task: {D753C6A6-1499-40FE-9AFE-D298D5F8F02B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {DAE6CDA8-4A0E-4EA4-AFB9-C4A9B2F8EF27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {E08A370E-729E-45C8-8EDF-9A1AC89205CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {F7F64405-00DB-468E-9FE6-2328FB7C6D43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/17/2013 11:25:38 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (08/17/2013 11:18:31 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
System errors:
=============
Error: (08/18/2013 02:16:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/18/2013 02:16:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/18/2013 02:16:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/18/2013 08:32:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst TCE CAD Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (08/18/2013 08:31:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/18/2013 08:20:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/18/2013 08:20:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/18/2013 08:20:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (08/17/2013 10:34:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst TCE CAD Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (08/17/2013 09:53:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst TCE CAD Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Microsoft Office Sessions:
=========================
Error: (08/17/2013 11:25:38 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (08/17/2013 11:18:31 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3958.71 MB
Available physical RAM: 2345.71 MB
Total Pagefile: 7915.61 MB
Available Pagefile: 5997.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:292.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 71BEEB98)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
18.08.2013, 18:22
| #2 | |
| /// the machine /// TB-Ausbilder    | DirtyDecrypt über den BKA Trojaner eingefangen ransomware hi,
__________________deine Dateien sind futsch, leider. Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
19.08.2013, 03:02
| #3 |
| | DirtyDecrypt über den BKA Trojaner eingefangen ransomwareCode:
ATTFilter ComboFix 13-08-18.01 - Acer 18.08.2013 19:41:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2320 [GMT 2:00]
ausgeführt von:: c:\users\Acer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\ldsw_0paos.pad
C:\timerintray
c:\timerintray\config.bin
c:\users\Acer\AppData\Roaming\Dirty
c:\users\Acer\AppData\Roaming\Dirty\alertwall.jpg
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-18 bis 2013-08-18 ))))))))))))))))))))))))))))))
.
.
2013-08-18 17:53 . 2013-08-18 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-18 14:16 . 2013-08-18 14:16 -------- d-----w- C:\FRST
2013-08-18 13:12 . 2013-08-18 13:12 -------- d-----w- c:\users\Acer\AppData\Local\DriverTuner
2013-08-15 17:51 . 2013-08-18 12:15 -------- d-----r- c:\users\Acer\Dropbox
2013-08-15 11:10 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 11:10 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 11:10 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 11:10 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 11:10 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 11:10 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 11:05 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 09:35 . 2013-08-15 09:35 -------- d-----w- c:\users\Acer\AppData\Local\PQuqgbft
2013-08-15 09:02 . 2013-08-15 09:02 -------- d-----w- c:\users\Acer\AppData\Local\TfeTxCRk
2013-08-15 08:59 . 2013-08-15 08:59 -------- d-----w- c:\users\Acer\AppData\Local\LYhNPXtf
2013-08-15 08:59 . 2013-08-15 10:36 -------- d-----w- c:\users\Acer\AppData\Local\Dirty
2013-08-14 18:31 . 2013-08-15 18:35 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 18:30 . 2010-12-29 13:19 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-13 09:06 . 2012-03-29 17:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-13 09:06 . 2011-05-21 11:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 04:51 . 2013-07-12 04:51 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-12 04:51 . 2012-05-27 11:52 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-12 04:51 . 2011-01-28 18:52 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-11 13:57 . 2013-05-07 09:46 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-07-09 04:45 . 2013-08-15 11:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-11 14:49 . 2011-07-06 18:36 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-11 14:49 . 2011-07-06 18:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-05 03:34 . 2013-07-11 16:41 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 15:20 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 15:20 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2011-12-09 08:51 . 2012-01-08 00:07 1456640 ----a-w- c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-11 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-8-3 28057256]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-1-13 1397840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Autostart Intel iPOS v5.lnk - c:\program files (x86)\Intel iPOS v5\TCEidletimer.exe [2010-5-27 314880]
Intel iPOS v5.lnk - c:\program files (x86)\Intel iPOS v5\TCEPlayer.exe [2010-5-27 424860]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswVmm;aswVmm; [x]
R3 cpuz134;cpuz134;c:\users\Acer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Acer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys;c:\windows\SYSNATIVE\drivers\CxPlrCap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe;c:\magix\Common\Database\bin\fbserver.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TCE CAD Service;TCE CAD Service;c:\program files (x86)\Intel iPOS v5\cadservice.exe;c:\program files (x86)\Intel iPOS v5\cadservice.exe [x]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x]
S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll" [2006-06-07 31744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
Toolbar-InprocServer32 - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-EH_Vorso - c:\windows\IsUn0407.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-18 20:06:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-18 18:06
.
Vor Suchlauf: 13 Verzeichnis(se), 316.834.885.632 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 316.313.976.832 Bytes frei
.
- - End Of File - - 9BD29A9BE402BF8F37CD0F26B4240A1A
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.18.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Acer :: ACER-PC [Administrator] 18.08.2013 20:45:18 mbam-log-2013-08-18 (20-45-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 226081 Laufzeit: 7 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Acer\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\Users\Acer\Downloads\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Acer\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk (PUP.OPtional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk (PUP.OPtional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.306 - Datei am 18/08/2013 um 21:12:16 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Acer - ACER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Acer\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Acer\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\vm9u4xz9.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16660
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 21);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 21);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 65739357);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Gelöscht : user_pref("extensions.greasemonkey.scriptvals.antikiller/AntiGame.UNI110_DETimeZoneDelta", "0");
*************************
AdwCleaner[S1].txt - [13461 octets] - [18/08/2013 21:12:16]
########## EOF - C:\AdwCleaner[S1].txt - [13522 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by Acer on 18.08.2013 at 21:30:14,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_cdburnerxp-pro_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5251C588-FB0C-4B59-A677-F85A83601B24}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\staged"
Emptied folder: C:\Users\Acer\AppData\Roaming\mozilla\firefox\profiles\e00c6g5s.default\minidumps [128 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.08.2013 at 22:12:04,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013
Ran by Acer (administrator) on 19-08-2013 03:59:46
Running from C:\Users\Acer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(The Creative Engine) C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe
(Dropbox, Inc.) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
( ) C:\Windows\system32\lxctcoms.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Intel iPOS v5\cadservice.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Farbar) C:\Users\Acer\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll [31744 2006-06-07] (Lexmark International Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Autostart Intel iPOS v5.lnk
ShortcutTarget: Autostart Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe (The Creative Engine)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intel iPOS v5.lnk
ShortcutTarget: Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}.xpi
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-11] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [546304 2006-07-13] ( )
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 TCE CAD Service; C:\Program Files (x86)\Intel iPOS v5\cadservice.exe [25600 2010-09-02] ()
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
==================== Drivers (Whitelisted) ====================
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-02-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-19] (Avira Operations GmbH & Co. KG)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [236160 2011-10-25] (Conexant Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-02-02] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-19] ()
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-15] (PC Tools)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 aj7desa9; C:\Windows\System32\Drivers\aj7desa9.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\Users\Acer\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 cpuz134; \??\C:\Users\Acer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-19 03:38 - 2013-08-19 03:39 - 00560835 _____ C:\Users\Acer\Downloads\FRST64(1).exe.part
2013-08-18 22:12 - 2013-08-18 22:12 - 00003444 _____ C:\Users\Acer\Desktop\JRT.txt
2013-08-18 21:26 - 2013-08-18 21:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 21:24 - 2013-08-18 21:25 - 01018166 _____ (Thisisu) C:\Users\Acer\Desktop\JRT.exe
2013-08-18 21:12 - 2013-08-18 21:12 - 00013544 _____ C:\AdwCleaner[S1].txt
2013-08-18 21:10 - 2013-08-18 21:10 - 00666633 _____ C:\Users\Acer\Desktop\adwcleaner.exe
2013-08-18 20:18 - 2013-08-18 20:18 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 20:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-18 20:12 - 2013-08-18 20:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Acer\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-18 20:06 - 2013-08-18 20:06 - 00023802 _____ C:\ComboFix.txt
2013-08-18 19:54 - 2013-08-18 20:54 - 00002772 _____ C:\Windows\PFRO.log
2013-08-18 19:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-18 19:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-18 19:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-18 19:36 - 2013-08-18 20:06 - 00000000 ____D C:\Qoobox
2013-08-18 19:35 - 2013-08-18 20:01 - 00000000 ____D C:\Windows\erdnt
2013-08-18 19:29 - 2013-08-18 19:35 - 05105231 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2013-08-18 16:17 - 2013-08-18 16:18 - 00023476 _____ C:\Users\Acer\Downloads\Addition.txt
2013-08-18 16:16 - 2013-08-18 16:16 - 00000000 ____D C:\FRST
2013-08-18 15:56 - 2013-08-18 15:58 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:09 - 2013-08-18 15:11 - 02816072 _____ (LionSea SoftWare ) C:\Users\Acer\Downloads\setup.exe
2013-08-17 17:20 - 2013-08-18 21:14 - 00000706 _____ C:\Windows\setupact.log
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 20:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 20:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 20:40 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 20:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 20:40 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 20:40 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:51 - 2013-08-18 21:16 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:31 - 2013-08-15 19:34 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:17 - 2013-08-15 19:29 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:09 - 2013-08-17 17:41 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 13:11 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:11 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 13:11 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 13:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 13:11 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:10 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:10 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 13:10 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:10 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 13:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 12:36 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
2013-08-14 20:31 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-10 16:42 - 2013-08-10 16:44 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
==================== One Month Modified Files and Folders =======
2013-08-19 03:53 - 2013-08-19 03:51 - 01575812 _____ (Farbar) C:\Users\Acer\Downloads\FRST64(1).exe
2013-08-19 03:49 - 2012-06-25 22:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dropbox
2013-08-19 03:39 - 2013-08-19 03:38 - 00560835 _____ C:\Users\Acer\Downloads\FRST64(1).exe.part
2013-08-19 01:42 - 2011-09-11 13:51 - 01715127 _____ C:\Windows\WindowsUpdate.log
2013-08-18 23:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 22:12 - 2013-08-18 22:12 - 00003444 _____ C:\Users\Acer\Desktop\JRT.txt
2013-08-18 22:04 - 2012-06-14 21:24 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-08-18 21:29 - 2011-09-13 20:13 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-08-18 21:26 - 2013-08-18 21:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 21:25 - 2013-08-18 21:24 - 01018166 _____ (Thisisu) C:\Users\Acer\Desktop\JRT.exe
2013-08-18 21:23 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-18 21:23 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 21:22 - 2011-03-19 20:53 - 00000000 ____D C:\Users\Acer\Documents\Mein Steuer-Sparbuch Heute
2013-08-18 21:16 - 2013-08-15 19:51 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-18 21:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 21:14 - 2013-08-17 17:20 - 00000706 _____ C:\Windows\setupact.log
2013-08-18 21:12 - 2013-08-18 21:12 - 00013544 _____ C:\AdwCleaner[S1].txt
2013-08-18 21:10 - 2013-08-18 21:10 - 00666633 _____ C:\Users\Acer\Desktop\adwcleaner.exe
2013-08-18 20:54 - 2013-08-18 19:54 - 00002772 _____ C:\Windows\PFRO.log
2013-08-18 20:30 - 2013-07-16 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 20:18 - 2013-08-18 20:18 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 20:16 - 2013-08-18 20:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Acer\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-18 20:06 - 2013-08-18 20:06 - 00023802 _____ C:\ComboFix.txt
2013-08-18 20:06 - 2013-08-18 19:36 - 00000000 ____D C:\Qoobox
2013-08-18 20:06 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-18 20:01 - 2013-08-18 19:35 - 00000000 ____D C:\Windows\erdnt
2013-08-18 19:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-18 19:35 - 2013-08-18 19:29 - 05105231 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2013-08-18 16:18 - 2013-08-18 16:17 - 00023476 _____ C:\Users\Acer\Downloads\Addition.txt
2013-08-18 16:16 - 2013-08-18 16:16 - 00000000 ____D C:\FRST
2013-08-18 15:58 - 2013-08-18 15:56 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:11 - 2013-08-18 15:09 - 02816072 _____ (LionSea SoftWare ) C:\Users\Acer\Downloads\setup.exe
2013-08-18 14:17 - 2010-12-29 04:39 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8601232D-346E-4210-9E27-41844A6A0A23}
2013-08-18 08:28 - 2011-04-25 16:28 - 00000000 ____D C:\Program Files\Lx_cats
2013-08-17 17:41 - 2013-08-15 18:09 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 00:17 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-15 20:37 - 2010-09-14 15:47 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-15 20:37 - 2010-09-14 15:47 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-15 20:37 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 20:35 - 2013-08-14 20:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:30 - 2010-12-29 15:19 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:51 - 2010-10-30 18:12 - 00000000 ____D C:\Users\Acer
2013-08-15 19:34 - 2013-08-15 19:31 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:34 - 2010-10-30 18:15 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-15 19:29 - 2013-08-15 19:17 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 12:36 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-15 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:35 - 2010-10-30 18:15 - 00000000 ____D C:\Users\Acer\AppData\Local\EgisTec IPS
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
2013-08-10 16:57 - 2011-07-14 18:43 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-10 16:57 - 2010-12-26 13:48 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 16:44 - 2013-08-10 16:42 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-08-10 16:31 - 2010-12-06 01:34 - 00000000 ____D C:\Users\Acer\Desktop\Programme
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
2013-07-26 07:13 - 2013-08-15 20:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 20:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 20:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 20:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 20:40 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 20:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 13:10 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 13:10 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-14 16:44
==================== End Of Log ============================
--- --- --- |
|
19.08.2013, 11:50
| #4 |
| /// the machine /// TB-Ausbilder | DirtyDecrypt über den BKA Trojaner eingefangen ransomware Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter U3 aj7desa9; C:\Windows\System32\Drivers\aj7desa9.sys [0 ] (Microsoft Corporation)
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 12:36 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
C:\Windows\System32\Drivers\aj7desa9.sys
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.08.2013, 18:15
| #5 |
| | DirtyDecrypt über den BKA Trojaner eingefangen ransomwareCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-08-2013
Ran by Acer at 2013-08-19 18:43:39 Run:1
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
U3 aj7desa9; C:\Windows\System32\Drivers\aj7desa9.sys [0 ] (Microsoft Corporation)
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 12:36 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
C:\Windows\System32\Drivers\aj7desa9.sys
*****************
aj7desa9 => Service not found.
C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftuifkv => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftuifkvb => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftuifk => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftuif => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftui => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbftu => Moved successfully.
C:\Users\Acer\AppData\Local\PQuqgbft => Moved successfully.
C:\Users\Acer\AppData\Local\TfeTxCRk => Moved successfully.
C:\Users\Acer\AppData\Local\Dirty => Moved successfully.
C:\Users\Acer\AppData\Local\LYhNPXtf => Moved successfully.
"C:\Windows\System32\Drivers\aj7desa9.sys" => File/Directory not found.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5fe015c2872c6741854927441ad65fa4
# engine=14824
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-19 02:52:32
# local_time=2013-08-19 04:52:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 10567975 10567975 0 0
# compatibility_mode=1799 16775165 100 96 22115 10567527 14897 0
# compatibility_mode=5893 16776574 100 94 3323203 128553802 0 0
# scanned=188815
# found=111
# cleaned=0
# scan_time=18380
sh=F3BD4FEF250BD7AFBEED895DCF81AA37BE46713F ft=0 fh=0000000000000000 vn="Win32/Spy.SpyEye.CFG.A trojan" ac=I fn="C:\Qoobox\Quarantine\C\timerintray\config.bin.vir"
sh=1A9D81426DC25A780BB172E0DFC0E9EEA453E202 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\oose_1_0_82_german.zip"
sh=FBE7D6ABA3AA6E07E337B0912D008DBE0343BAFC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\rld-nsmw.rar"
sh=5A88BE06530C8DD845CD48F42262FDC5FF2A3703 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\rld-pes5.rar"
sh=F92AF14208F66B72B3B7E75686AD4A9E6A45A730 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\rld-torc.rar"
sh=65319468C5CD84ABC05FB51D96DB9C3F95303114 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\xp-AntiSpy_deutsch.zip"
sh=3F42643FBF4527329BF57BEA32D5290E1CD463FA ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\Neuer Ordner\rld-torc.rar"
sh=5CDCA93B66669B500803C02E05BB934F44A73E9D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\Neuer Ordner (2)\rld-nsmw.rar"
sh=22BC0ED6B7DB83B5F452F950358AB48D2F338A0D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\Neuer Ordner (3)\rld-pes5.rar"
sh=B092BCE2312266A3F30C93DC3766D63FE1FED2E1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\DOWNLOADBOX\O&O\oose_1_0_82_german.zip"
sh=F1B1FF1608FEBC66D1EFCEA096F2DE97FF92C58E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\Trickshot (Pool - Billard - Snooker) PC Game.rar"
sh=BC90293CF60211391AF7524FEBA20967078F663B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part01.rar"
sh=75E5DA8936FB937903FFDF1017E0186E5771194D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part02.rar"
sh=C41FDF9EB64860BF5BC724EE4336A2F3132E0E8B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part03.rar"
sh=6EFDC518BD7C12F3A3E1ABA2EEAF4372D4B6FCA1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part04.rar"
sh=86998B29546028748E160FD5751E6C7C360F280C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part05.rar"
sh=BBF4BC10E311FDCDADE2170445122D76D79F6CF6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part06.rar"
sh=7D4A53C3EECCB04ECCEA210A69C97E2902523ADC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part07.rar"
sh=C25CA63BC39DD3D6E1BCBFEEEE5D4D2384E9EA01 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part08.rar"
sh=4E655A0140A1A11E88A0BB8FBBF0FA8723D05E02 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part09.rar"
sh=564EFF125B29381B35C3CFC1206BECEE5B7D7036 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part10.rar"
sh=64458410B526A53F51571869D0A8018077537703 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part11.rar"
sh=ABD974550313ACC4BEF5BFC3E99DB3C8924797EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part12.rar"
sh=D1D73FF0C07231E65CD26CFFCB0588A822983E19 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part13.rar"
sh=40C67071FAE6A1EF8F12A4058812975DAFE1FE9A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part14.rar"
sh=0CB73351A46C4D9FC0ED44AFBF038923A78AE670 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part15.rar"
sh=0290EBF41D72A6651A9D9F463B981177CE841F96 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part16.rar"
sh=BD1D0052E5CD0FB818BD3FCE4C329C1CEE9448FC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part17.rar"
sh=16C282ED4BCE99A8C4C6FBFD8E710605BBCC53C8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part18.rar"
sh=5C4C6E7ED84753D4EAD6DDF6B93E89CB513FB485 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part19.rar"
sh=FFCCD0C7DE0DDEB384EA2483DBA3906E418B7A33 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part20.rar"
sh=124DC2B64D27E09744102D8078943EE199ED25E1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part21.rar"
sh=A446F9DCC8E4BB821969CED1CE81F8ADAF900129 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part22.rar"
sh=93034DFDC8370AD0DC407CC9452E5D331E6F565D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part23.rar"
sh=01242A525E37F0FCC488D24E71896DA34A96C8D2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part24.rar"
sh=0B219EC60926ABE7577936DC34A5A23A6601B653 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part25.rar"
sh=7A71F95E23262D4ACCB5BAF61833CC8D4DCFAA7C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part26.rar"
sh=FD95D602EF251E6C1720F82AC1EE7A5B4924AFA3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part27.rar"
sh=FB1D42B7624CC2BD30C0708FD7FD020608C1811A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part28.rar"
sh=A816B0E09E8D083877165228082C805AB496FC97 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part29.rar"
sh=5806D2A28EC8B79165C7C4E74B062E55643F754E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part30.rar"
sh=332669FC02FA528343A2FDA2DC7319353C24AC9C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part31.rar"
sh=02AA5CBA45EAEBB3FA078FF2C2D1399D67EEBF57 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part32.rar"
sh=48A9AA34FEC6A304BD65424B824F283FC76D3707 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part33.rar"
sh=F0745AAD5298CEC4DAC8DFDE45129BA84F7FAEB7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part34.rar"
sh=9DB3752F815C83DD3D16EC14CF72A7E90C586FF2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part35.rar"
sh=F53FF488142B1AFF7942E3A3060F250344CD2BF1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part36.rar"
sh=03CB009DD22B35BBB28EC451920EDA155F0C1CB6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part37.rar"
sh=A35392F1961730CCE3C0B9FCB76B791CCC828785 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part38.rar"
sh=3A0E638F2467C0FC6B640BA368ABCD63FAE9FA7E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part39.rar"
sh=A484447AD0CAD97722CE5E731BFC726417FE4B29 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part40.rar"
sh=CB7382C21A5E85BA211C609CFC50AC7D8EDE4B94 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part41.rar"
sh=B5D831891B1311E6251590640E6E8C83BDC0947E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part42.rar"
sh=5835587DF8595306172B95BB778883AAD2C6270F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part43.rar"
sh=78F3CBA2C80BC2CC4975E3AF43901A4D3F7023A3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part44.rar"
sh=295F2CA206A14BCF409DFAFF74C49F5D21EE33F2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part45.rar"
sh=CCCF1C1D6A44A0BECAC350B7F300DF97B284FCA9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part46.rar"
sh=269E219AD444B9BE5BC47CF77A65168EDB8FA297 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part47.rar"
sh=7CF65EE954DDAB61EE498C601F7DC4035AB0E02C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\Meine Spiele\PES_5 - Pro Evolution Soccer 5\PES_5.part48.rar"
sh=1A701937064DDD1419188652C02DC53888CB4079 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part01.rar"
sh=3FF26CB200FE30722E9231E28A159A4EFCFCA9B5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part02.rar"
sh=9ED09CC3CD7D2E2546075E598E23B957EA27CD2F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part03.rar"
sh=6CC73165A4590446206DC52640FD0396576B1D34 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part04.rar"
sh=8BFB0F2A5FEFA69DCA15C3BC18FF0CC257549E95 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part05.rar"
sh=BA3BF367DBEB04CE7548572C967C71E3751BA332 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part06.rar"
sh=501F26890AAB0216D7BC73AB2A9D5D5BCB8000D1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part07.rar"
sh=AF602F4083F0EC9EA4607134FC699556B7283E9E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part08.rar"
sh=9FA47F83C331532A14A3BA1AAA195267640A006A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part09.rar"
sh=6D030DE22469827D3BC282E9E001D4AEB94C521D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part10.rar"
sh=74F84666AF506BFF0A8902B70EF6CBFED3B92689 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part11.rar"
sh=196F11D06F5DB0B83A844D2DE28E98732B0E37F5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part12.rar"
sh=4ED64A5A16BCC921F0EAAEDB1CB65A5CFEED8827 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part13.rar"
sh=67BD92B6C2926C1163D5A23D1DA2FBEC53BF50DD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part14.rar"
sh=6C14BECF23B02EC59EAC260F5260D0877A1AC2B6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part15.rar"
sh=3840BFA0F55EF1A4FA32B8983BD40199C31C2AD2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part16.rar"
sh=FA3F6C00189F3B47A8D4B391EFCBF557E887BDE8 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part17.rar"
sh=78D634ACDBDEC462A12A0A5FE55A8EC59D52016C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part18.rar"
sh=2B5696CAE21A5DC4561892311C3F668469F64924 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part19.rar"
sh=5061AB853F181A7428CB7DC5BA2CA5C9AB18F4AE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part20.rar"
sh=8FEA6B6968D79C22E129E3438E82585A95B965D7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part21.rar"
sh=69366448A807ADED5EE7B2177813F4FDC4B42427 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part22.rar"
sh=4073D82457912FAF0B67009E459934E237BEA4DE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part23.rar"
sh=DCC5C2CF7AA1235599CEB32DF4FA428FA223F3F6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part24.rar"
sh=853E2C459AD6B95665E7E30998EB6BC21E2A2FC6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part25.rar"
sh=3B49E74C6ADC1D5C49665CA30EB316327D0E6A47 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part26.rar"
sh=98B7B8648477349E944F23AD023F5D4C5ACE6461 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part27.rar"
sh=DF6A98EF1BF2F5E351FC2DC558675A630585E063 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part28.rar"
sh=AFD321907239861D27684815145A725BB6D95681 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part29.rar"
sh=E073EE650233C737081C477C03294584D3972649 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part30.rar"
sh=2A76F8203AB6689E9BA9E022A3480794D5CB9F2F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part31.rar"
sh=EFA8B56ADB19D7CD19D37278FD48ED6E7FE4E64B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part32.rar"
sh=EC0109229E2629C91D6E20F4DBCA61894150FA42 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part33.rar"
sh=CC1A4EAC9C4627F4D693F9A82B3AD42C121BB3ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part34.rar"
sh=5BCC50FE0A382DD25551B87FEF60DD440C01AB89 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part35.rar"
sh=0421B49C83F3A582B824CC9B43DCF2660E56D76A ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part36.rar"
sh=C1F6C0FAB07E24B78F3F9D3423D2F0D77CC75B9C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part37.rar"
sh=1A8BFCBEE87B98F23CE89775A898660845DF518D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part38.rar"
sh=7E6B41017506CB5434826C663FD6A24AC24929B4 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part39.rar"
sh=53D91916CE8DDF82B1B7BA6BCEC9A55E8681DEF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part40.rar"
sh=EE63E4AA5C28A23F63CC29B388CE2B6B24C0BD65 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part41.rar"
sh=A5118BC7B89FF48039514C08B451EDEFEE3EF964 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part42.rar"
sh=9DE0FE1D860571F3124A086F91C585244BE8675B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part43.rar"
sh=D362C92784F5FE245768B5B790D7B76E16959255 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part44.rar"
sh=C963FEDC34439C47E074FE98F45EEDCFE3CB183F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part45.rar"
sh=80A448748433F3DCCFE92E30C014DB4BE11A0FBB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part46.rar"
sh=0A5B4C14EC1513C98A107C0EF84139925C21F93E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part47.rar"
sh=3017FD1E8409B71874C6739351D4EC9ACC47CE77 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Desktop\externe\WD USB 2\UseNeXT\wizard\PES_5 - Pro Evolution Soccer 5\PES_5.part48.rar"
sh=98F10F20435978C7CC50C7BE964231385E804878 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\Acer\Music\eigene Musik\Musik für René\VA_-_Bravo_Black_Hits_Vol_21-2CD-2009-YSP\Kostenloser_Usenetzugang.rar"
sh=32CD8B14CEB49E88C4398972C48821F7C62A206A ft=0 fh=0000000000000000 vn="a variant of Win32/Hoax.ArchSMS.VY application" ac=I fn="F:\ACER-PC\Backup Set 2012-09-01 001552\Backup Files 2012-09-01 001552\Backup files 14.zip"
sh=D30410CB9C33B641C188E38019354CA8886D27C0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ACER-PC\Backup Set 2012-09-01 001552\Backup Files 2012-09-01 001552\Backup files 5.zip"
sh=69A13B1A1D2FD6C60643D0AC90B082E8119009A9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ACER-PC\Backup Set 2013-06-15 162818\Backup Files 2013-06-15 162818\Backup files 6.zip"
ESETSmartInstaller@High as downloader log:
all ok
Code:
ATTFilter Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` ThreatFire Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 37 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 22.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe ThreatFire TFTray.exe ThreatFire TFService.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013
Ran by Acer (administrator) on 19-08-2013 19:13:02
Running from C:\Users\Acer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxctcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Intel iPOS v5\cadservice.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(The Creative Engine) C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe
(Dropbox, Inc.) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Farbar) C:\Users\Acer\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll [31744 2006-06-07] (Lexmark International Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Autostart Intel iPOS v5.lnk
ShortcutTarget: Autostart Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe (The Creative Engine)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intel iPOS v5.lnk
ShortcutTarget: Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}.xpi
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-11] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [546304 2006-07-13] ( )
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 TCE CAD Service; C:\Program Files (x86)\Intel iPOS v5\cadservice.exe [25600 2010-09-02] ()
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()
==================== Drivers (Whitelisted) ====================
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-02-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-19] (Avira Operations GmbH & Co. KG)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [236160 2011-10-25] (Conexant Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-02-02] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-19] ()
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-15] (PC Tools)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 aw7pq11e; C:\Windows\System32\Drivers\aw7pq11e.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz132; \??\C:\Users\Acer\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 cpuz134; \??\C:\Users\Acer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-19 11:02 - 2013-08-19 11:04 - 02347384 _____ (ESET) C:\Users\Acer\Downloads\esetsmartinstaller_enu.exe
2013-08-19 03:51 - 2013-08-19 03:53 - 01575812 _____ (Farbar) C:\Users\Acer\Downloads\FRST64(1).exe
2013-08-19 03:38 - 2013-08-19 03:39 - 00560835 _____ C:\Users\Acer\Downloads\FRST64(1).exe.part
2013-08-18 22:12 - 2013-08-18 22:12 - 00003444 _____ C:\Users\Acer\Desktop\JRT.txt
2013-08-18 21:26 - 2013-08-18 21:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 21:24 - 2013-08-18 21:25 - 01018166 _____ (Thisisu) C:\Users\Acer\Desktop\JRT.exe
2013-08-18 21:12 - 2013-08-18 21:12 - 00013544 _____ C:\AdwCleaner[S1].txt
2013-08-18 21:10 - 2013-08-18 21:10 - 00666633 _____ C:\Users\Acer\Desktop\adwcleaner.exe
2013-08-18 20:18 - 2013-08-18 20:18 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 20:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-18 20:12 - 2013-08-18 20:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Acer\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-18 20:06 - 2013-08-18 20:06 - 00023802 _____ C:\ComboFix.txt
2013-08-18 19:54 - 2013-08-18 20:54 - 00002772 _____ C:\Windows\PFRO.log
2013-08-18 19:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-18 19:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-18 19:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-18 19:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-18 19:36 - 2013-08-18 20:06 - 00000000 ____D C:\Qoobox
2013-08-18 19:35 - 2013-08-18 20:01 - 00000000 ____D C:\Windows\erdnt
2013-08-18 19:29 - 2013-08-18 19:35 - 05105231 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2013-08-18 16:17 - 2013-08-18 16:18 - 00023476 _____ C:\Users\Acer\Downloads\Addition.txt
2013-08-18 16:16 - 2013-08-18 16:16 - 00000000 ____D C:\FRST
2013-08-18 15:56 - 2013-08-18 15:58 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:09 - 2013-08-18 15:11 - 02816072 _____ (LionSea SoftWare ) C:\Users\Acer\Downloads\setup.exe
2013-08-17 17:20 - 2013-08-19 10:38 - 00000762 _____ C:\Windows\setupact.log
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 20:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 20:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 20:40 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 20:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 20:40 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 20:40 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:51 - 2013-08-19 16:03 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:31 - 2013-08-15 19:34 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:17 - 2013-08-15 19:29 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:09 - 2013-08-17 17:41 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 13:11 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:11 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 13:11 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 13:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 13:11 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:10 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:10 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 13:10 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:10 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 13:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 20:31 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-10 16:42 - 2013-08-10 16:44 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
==================== One Month Modified Files and Folders =======
2013-08-19 19:07 - 2013-08-19 19:07 - 00891115 _____ C:\Users\Acer\Desktop\SecurityCheck.exe
2013-08-19 18:24 - 2012-06-14 21:24 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-08-19 17:23 - 2011-09-11 13:51 - 01777021 _____ C:\Windows\WindowsUpdate.log
2013-08-19 16:03 - 2013-08-15 19:51 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-19 16:03 - 2012-06-25 22:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dropbox
2013-08-19 14:59 - 2010-12-29 04:39 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8601232D-346E-4210-9E27-41844A6A0A23}
2013-08-19 11:04 - 2013-08-19 11:02 - 02347384 _____ (ESET) C:\Users\Acer\Downloads\esetsmartinstaller_enu.exe
2013-08-19 11:02 - 2010-09-14 15:47 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-19 11:02 - 2010-09-14 15:47 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-19 11:02 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 10:57 - 2010-10-30 18:15 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 10:51 - 2011-09-13 20:13 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-08-19 10:46 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 10:46 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 10:45 - 2011-03-19 20:53 - 00000000 ____D C:\Users\Acer\Documents\Mein Steuer-Sparbuch Heute
2013-08-19 10:38 - 2013-08-17 17:20 - 00000762 _____ C:\Windows\setupact.log
2013-08-19 10:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 03:53 - 2013-08-19 03:51 - 01575812 _____ (Farbar) C:\Users\Acer\Downloads\FRST64(1).exe
2013-08-19 03:39 - 2013-08-19 03:38 - 00560835 _____ C:\Users\Acer\Downloads\FRST64(1).exe.part
2013-08-18 23:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 22:12 - 2013-08-18 22:12 - 00003444 _____ C:\Users\Acer\Desktop\JRT.txt
2013-08-18 21:26 - 2013-08-18 21:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 21:25 - 2013-08-18 21:24 - 01018166 _____ (Thisisu) C:\Users\Acer\Desktop\JRT.exe
2013-08-18 21:12 - 2013-08-18 21:12 - 00013544 _____ C:\AdwCleaner[S1].txt
2013-08-18 21:10 - 2013-08-18 21:10 - 00666633 _____ C:\Users\Acer\Desktop\adwcleaner.exe
2013-08-18 20:54 - 2013-08-18 19:54 - 00002772 _____ C:\Windows\PFRO.log
2013-08-18 20:30 - 2013-07-16 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 20:18 - 2013-08-18 20:18 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-18 20:17 - 2013-08-18 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 20:16 - 2013-08-18 20:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Acer\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-18 20:06 - 2013-08-18 20:06 - 00023802 _____ C:\ComboFix.txt
2013-08-18 20:06 - 2013-08-18 19:36 - 00000000 ____D C:\Qoobox
2013-08-18 20:06 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-18 20:01 - 2013-08-18 19:35 - 00000000 ____D C:\Windows\erdnt
2013-08-18 19:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-18 19:35 - 2013-08-18 19:29 - 05105231 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2013-08-18 16:18 - 2013-08-18 16:17 - 00023476 _____ C:\Users\Acer\Downloads\Addition.txt
2013-08-18 16:16 - 2013-08-18 16:16 - 00000000 ____D C:\FRST
2013-08-18 15:58 - 2013-08-18 15:56 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:11 - 2013-08-18 15:09 - 02816072 _____ (LionSea SoftWare ) C:\Users\Acer\Downloads\setup.exe
2013-08-18 08:28 - 2011-04-25 16:28 - 00000000 ____D C:\Program Files\Lx_cats
2013-08-17 17:41 - 2013-08-15 18:09 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 00:17 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-15 20:35 - 2013-08-14 20:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:30 - 2010-12-29 15:19 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:51 - 2010-10-30 18:12 - 00000000 ____D C:\Users\Acer
2013-08-15 19:34 - 2013-08-15 19:31 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:29 - 2013-08-15 19:17 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-15 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-15 11:35 - 2010-10-30 18:15 - 00000000 ____D C:\Users\Acer\AppData\Local\EgisTec IPS
2013-08-10 16:57 - 2011-07-14 18:43 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-10 16:57 - 2010-12-26 13:48 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 16:44 - 2013-08-10 16:42 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-08-10 16:31 - 2010-12-06 01:34 - 00000000 ____D C:\Users\Acer\Desktop\Programme
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
2013-07-26 07:13 - 2013-08-15 20:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 20:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 20:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 20:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 20:40 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 20:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 13:10 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 13:10 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-14 16:44
==================== End Of Log ============================
--- --- --- |
|
20.08.2013, 11:47
| #6 |
| /// the machine /// TB-Ausbilder | DirtyDecrypt über den BKA Trojaner eingefangen ransomware Adobe und Firefox updaten. Alle Funde von ESET bitte löschen. Noch Probleme?
__________________ --> DirtyDecrypt über den BKA Trojaner eingefangen ransomware |
|
20.08.2013, 16:35
| #7 |
| | DirtyDecrypt über den BKA Trojaner eingefangen ransomware Danke für die schnelle Hilfe. Können auch die anderen Programme wieder gelöscht werden? gruß lagunadream |
|
20.08.2013, 16:52
| #8 |
| /// the machine /// TB-Ausbilder | DirtyDecrypt über den BKA Trojaner eingefangen ransomware Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu DirtyDecrypt über den BKA Trojaner eingefangen ransomware |
| antivir, antivirus, branding, browser, ccsetup, converter, desktop, farbar, farbar recovery scan tool, firefox, flash player, launch, monitor, mozilla, msiinstaller, plug-in, problem, pup.offerbundler.st, pup.optional.babylon.a, pup.optional.dealply, svchost.exe, system, system error, trojaner, win32/filecoder.bh.gen, win32/hoax.archsms.vy, win32/spy.spyeye.cfg.a |
Linear-Darstellung
