Vielleicht gvu/bka virus

Pan777 · 02.09.2013, 09:03

Hallo Experten,

Ich habe grande problema ... Oder auch nicht. Vor zwei Tagen beim surfen - machen wir uns nichts vor, die damen im browser waren eher unbekleidet, - öffnete sich eine Seite mit dem Erpressungstext. In der Adressleiste passenderweise polizei.de/dann wurds sehr lang/irgendwas. Gut ich hab mir dennoch auf dem anderen tab das video gegönnt - nur zur motivation - um dann kurz rum zu lesen, malwarebyte und antivir drüber geschickt, maleware hat bisschen was gefunden(hatte glaub uch aber nichts damit zu tun) was ich gelöscht hab. Seitdem ist mein pc zur sicherheit offline.

Was mich wundert, mein pc war nie gesperrt. Wie finde ich heraus, ob das ding auf meinem pc ist?

Sorry, rechtschreibung und iphone ist sone sache, aber wie gesagt bleibt der pc erstmal offline.

schrauber · 02.09.2013, 09:06

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Pan777 · 02.09.2013, 13:35

Es wären 32bit. Allerdings hängt sich der firefox auf, wenn ich versuche den Link zu Filepony zu öffnen. Ich bin gerade - mit fiesem unwohlgefühl - online mit meinem pc.

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Shirin (administrator) on BLACK-PEARL on 02-09-2013 10:58:41
Running from C:\Users\Shirin\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Microsoft) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Users\Shirin\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\Shirin\AppData\Local\Temp\RtkBtMnt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [409600 2008-06-11] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [821768 2008-07-02] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] -  [x]
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-29] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-29] (CyberLink)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2009-01-31] (RealNetworks, Inc.)
HKLM\...\Run: [PhilipsDM\SA1916] - C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\LaunchDM.exe [47616 2008-05-11] (Koninklijke Philips Electronics N.V.)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bing Bar] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-12-07] (Google Inc.)
HKCU\...\Run: [Windows Update Manager] - C:\Users\Public\winsvcn.exe [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1631144 2013-03-29] (Valve Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {3fe2472b-675b-11e1-8983-00238b393468} - G:\LaunchU3.exe -a
MountPoints2: {74abfe60-a77c-11df-bb74-00238b393468} - F:\AutoRun.exe
MountPoints2: {74abfe6d-a77c-11df-bb74-00238b393468} - F:\AutoRun.exe
MountPoints2: {74abfe7f-a77c-11df-bb74-00238b393468} - F:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (simplitec)
Startup: C:\Users\Shirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {4F11ACBB-393F-4c86-A214-FF3D0D155CC3} URL = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll ()
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll No File
BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll No File
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Shirin\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll No File
Toolbar: HKLM - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll No File
Toolbar: HKCU -Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll No File
Toolbar: HKCU -Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
Toolbar: HKCU -softonic-de3 Toolbar - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: x-sdch - No CLSID Value - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default
FF user.js: detected! => C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\user.js
FF Homepage: Berger-film.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPPDLicenseHelper - C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.3146 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Shirin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Shirin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: StumbleUpon - C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\Extensions\toolbar@stumbleupon.com
FF Extension: toolbar - C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Shirin\AppData\Roaming\Mozilla\Firefox\Profiles\lzx8zq12.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: support - C:\Program Files\Mozilla Firefox\extensions\support@burn4free-toolbar.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-06-18] (Microsoft)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95232 2012-12-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S4 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [767976 2008-01-09] (McAfee, Inc.)
S4 McNASvc; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2458128 2008-01-25] (McAfee, Inc.)
S4 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [378184 2007-11-07] (McAfee, Inc.)
S4 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [359248 2007-08-15] (McAfee, Inc.)
R2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
S4 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624 2007-12-05] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S4 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [856864 2007-07-18] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [23880 2007-11-26] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 StumbleUponUpdater; C:\Users\Shirin\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
S3 BstHdAndroidSvc; "C:\Program Files\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [x]
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-06-03] (Avira Operations GmbH & Co. KG)
S3 BTKbFltr; C:\Windows\System32\Drivers\BTKbFltr.sys [29440 2012-06-21] (Anuj Infotech, India)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-11-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-11-22] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201320 2007-11-22] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33832 2007-11-22] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-12-02] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-03] (Avira GmbH)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S2 BstHdDrv; \??\C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-02 10:56 - 2013-09-02 10:56 - 01085803 _____ (Farbar) C:\Users\Shirin\Desktop\FRST.exe
2013-08-30 12:04 - 2013-08-30 12:04 - 00000000 ____D C:\Users\Shirin\AppData\Roaming\Malwarebytes
2013-08-30 12:04 - 2013-08-30 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 12:04 - 2013-08-30 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-30 12:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 11:59 - 2013-08-30 12:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Shirin\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 17:18 - 2012-08-04 13:35 - 99950874 _____ C:\Users\Shirin\Desktop\Polizei gegen Medienprojekt    ZAPP Medienmagazin   NDR.avi
2013-08-29 08:11 - 2013-08-29 08:11 - 00090387 _____ C:\Users\Shirin\.recently-used.xbel
2013-08-28 07:25 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 11:19 - 2013-08-27 11:19 - 00001025 _____ C:\Users\Public\Desktop\MAGIX Web Designer 9 Premium.lnk
2013-08-21 08:46 - 2013-08-21 08:46 - 00165221 _____ C:\Users\Shirin\Desktop\facebook-php-sdk-master.zip
2013-08-21 08:44 - 2013-08-21 08:44 - 00044245 _____ C:\Users\Shirin\Desktop\facebook-php-sdk.htm
2013-08-21 08:22 - 2013-08-21 08:24 - 07949158 _____ C:\Users\Shirin\Desktop\kompozer-0.7.10-win32.zip
2013-08-20 10:10 - 2013-08-20 10:10 - 00057757 _____ C:\Users\Shirin\Desktop\FBProblem.xcf
2013-08-18 16:51 - 2013-08-18 16:51 - 04951608 _____ C:\Users\Shirin\Desktop\DoktorArbeit-CitaviDefaultCitationStyle_de.rar
2013-08-17 15:50 - 2013-08-17 15:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 08:29 - 2013-08-16 08:44 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 08:18 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 08:18 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 08:18 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 08:18 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 08:18 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 08:18 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-16 08:18 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-16 08:18 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 08:18 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 08:18 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 08:18 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 08:18 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-16 08:18 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-16 08:18 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 08:18 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 08:18 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 09:25 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 09:25 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 09:25 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 09:25 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 09:25 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 09:24 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 09:24 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 09:24 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 09:24 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 09:24 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 09:24 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 09:24 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-06 08:13 - 2013-08-29 17:10 - 00005972 _____ C:\Users\Shirin\AppData\Local\d3d9caps.dat

==================== One Month Modified Files and Folders =======

2013-09-02 10:58 - 2013-09-02 10:58 - 00000000 ____D C:\FRST
2013-09-02 10:56 - 2013-09-02 10:56 - 01085803 _____ (Farbar) C:\Users\Shirin\Desktop\FRST.exe
2013-09-02 10:06 - 2006-11-02 14:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 10:06 - 2006-11-02 14:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 08:25 - 2008-11-15 16:41 - 01646078 _____ C:\Windows\WindowsUpdate.log
2013-09-02 08:09 - 2012-09-17 17:48 - 00000000 ____D C:\Program Files\Steam
2013-09-02 08:08 - 2013-01-17 03:03 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1351374770-3214567529-3428670696-1000UA.job
2013-09-02 08:06 - 2012-07-05 02:28 - 00000000 _____ C:\sniffer.log
2013-09-02 08:06 - 2008-11-15 17:11 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-02 08:05 - 2008-02-05 17:55 - 00000147 _____ C:\Windows\system32\agent.log
2013-09-02 08:05 - 2008-01-21 04:47 - 08995186 _____ C:\Windows\PFRO.log
2013-09-02 08:05 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 22:49 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-30 17:11 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Provisioning
2013-08-30 12:04 - 2013-08-30 12:04 - 00000000 ____D C:\Users\Shirin\AppData\Roaming\Malwarebytes
2013-08-30 12:04 - 2013-08-30 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 12:04 - 2013-08-30 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-30 12:01 - 2013-08-30 11:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Shirin\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-30 08:13 - 2013-06-03 16:36 - 00000000 ____D C:\Users\Shirin\Desktop\Documente HP
2013-08-29 17:19 - 2008-01-21 09:16 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 17:18 - 2009-03-19 15:37 - 00056320 _____ C:\Users\Shirin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-29 17:10 - 2013-08-06 08:13 - 00005972 _____ C:\Users\Shirin\AppData\Local\d3d9caps.dat
2013-08-29 08:18 - 2013-06-03 12:26 - 00000000 ____D C:\Users\Shirin\.gimp-2.6
2013-08-29 08:11 - 2013-08-29 08:11 - 00090387 _____ C:\Users\Shirin\.recently-used.xbel
2013-08-29 08:11 - 2008-12-07 04:38 - 00000000 ____D C:\Users\Shirin
2013-08-28 10:05 - 2011-05-10 20:42 - 00000000 ____D C:\Users\Shirin\AppData\Roaming\gtk-2.0
2013-08-27 22:38 - 2008-11-15 16:48 - 00098008 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-27 22:36 - 2006-11-02 14:47 - 00367128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-27 11:21 - 2013-07-01 13:30 - 00000000 ____D C:\Users\Shirin\AppData\Roaming\MAGIX
2013-08-27 11:20 - 2013-07-01 13:30 - 00000000 ____D C:\Users\Shirin\AppData\Local\Xara
2013-08-27 11:20 - 2007-04-27 10:43 - 00120200 _____ () C:\Windows\system32\DLLDEV32i.dll
2013-08-27 11:19 - 2013-08-27 11:19 - 00001025 _____ C:\Users\Public\Desktop\MAGIX Web Designer 9 Premium.lnk
2013-08-27 10:53 - 2013-07-01 13:29 - 00000000 ____D C:\ProgramData\MAGIX
2013-08-27 10:53 - 2013-07-01 13:29 - 00000000 ____D C:\Program Files\MAGIX
2013-08-23 14:37 - 2013-06-10 05:20 - 00000000 ____D C:\Users\Shirin\Desktop\Shirin
2013-08-21 08:46 - 2013-08-21 08:46 - 00165221 _____ C:\Users\Shirin\Desktop\facebook-php-sdk-master.zip
2013-08-21 08:44 - 2013-08-21 08:44 - 00044245 _____ C:\Users\Shirin\Desktop\facebook-php-sdk.htm
2013-08-21 08:24 - 2013-08-21 08:22 - 07949158 _____ C:\Users\Shirin\Desktop\kompozer-0.7.10-win32.zip
2013-08-20 10:10 - 2013-08-20 10:10 - 00057757 _____ C:\Users\Shirin\Desktop\FBProblem.xcf
2013-08-18 16:51 - 2013-08-18 16:51 - 04951608 _____ C:\Users\Shirin\Desktop\DoktorArbeit-CitaviDefaultCitationStyle_de.rar
2013-08-17 19:20 - 2012-06-07 22:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-17 15:50 - 2013-08-17 15:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 15:42 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 14:47 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-16 11:14 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-16 08:44 - 2013-08-16 08:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 08:29 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-08 11:46 - 2008-12-07 18:05 - 00000000 ____D C:\Users\Shirin\AppData\Local\Adobe
2013-08-07 04:22 - 2009-10-03 06:40 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Shirin\AppData\Local\Temp\AskSLib.dll
C:\Users\Shirin\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Shirin\AppData\Local\Temp\install_reader10_de_mssd_awc_aih.exe
C:\Users\Shirin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Shirin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Shirin\AppData\Local\Temp\ResetDevice.exe
C:\Users\Shirin\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Shirin\AppData\Local\Temp\uninst1.exe
C:\Users\Shirin\AppData\Local\Temp\zlib1.exe
C:\Users\Shirin\AppData\Local\Temp\_is3BF7.exe
C:\Users\Shirin\AppData\Local\Temp\_isD162.exe
C:\Users\Shirin\AppData\Local\Temp\_isFB97.exe
C:\Users\Shirin\AppData\Local\Temp\{E3FACC1A-ABB6-42E1-89FD-87C9CF398844}\{72D7E3D1-C9DF-4FA6-9F9B-4E5117AB2919}\dotnetfx45_full_x86_x64.exe
C:\Users\Shirin\AppData\Local\Temp\{AC76BA86-7AD7-1031-7B44-AA1000000001}\FixTransforms.exe
C:\Users\Shirin\AppData\Local\Temp\{7BD75556-39EE-4666-B499-30A9F86BCBD1}\ISSetup.dll
C:\Users\Shirin\AppData\Local\Temp\{7BD75556-39EE-4666-B499-30A9F86BCBD1}\_Setup.dll
C:\Users\Shirin\AppData\Local\Temp\{444AA6A1-3160-4B8B-8D85-550AAFFD3B8C}\ISSetup.dll
C:\Users\Shirin\AppData\Local\Temp\{444AA6A1-3160-4B8B-8D85-550AAFFD3B8C}\_Setup.dll
C:\Users\Shirin\AppData\Local\Temp\{29F26719-0E48-48F5-8438-8F7026671D47}\ISSetup.dll
C:\Users\Shirin\AppData\Local\Temp\{29F26719-0E48-48F5-8438-8F7026671D47}\_Setup.dll
C:\Users\Shirin\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\BBInst.dll
C:\Users\Shirin\AppData\Local\Temp\updE458\BabScheduler2000201.exe
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\avmres.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\avwebloader.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\avwebloader.exe
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\avwebloadergui.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\msvcp100.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\msvcr100.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcimage.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcnwload_ar.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_de.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcnwload_en.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcnwload_es.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_fr.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_it.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_jp.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_ko.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcnwload_nl.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_pt.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_ru.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcnwload_tr.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_zhcn.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\rcNwLoad_zhtw.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\scewxmlw.dll
C:\Users\Shirin\AppData\Local\Temp\RarSFX0\update.dll
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\setup.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\systemRequirementValidator\NeroOSValidator.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\systemRequirementValidator\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\rebootValidator\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\ApnStub.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO3.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\NeroBar.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\neroAskToolbar\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\msi4.5ForWindowsxpX86\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\msi4.5ForWindowsxpX86\WindowsXP-KB942288-v3-x86.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\msi4.5ForWindows6.0X86\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\msi4.5ForWindows6.0X64\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\microsoftVcRedist2010Sp1X86\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\microsoftVcRedist2010Sp1X86\vcredist_x86.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\microsoftVcRedist2010Sp1X64\PRQStarter-1.exe
C:\Users\Shirin\AppData\Local\Temp\NeroInstallFiles\NERO20120813114817075\ISSetupPrerequisites\microsoftVcRedist2010Sp1X64\vcredist_x64.exe
C:\Users\Shirin\AppData\Local\Temp\MSI66DA.tmp-\HD-ShortcutHandler.dll
C:\Users\Shirin\AppData\Local\Temp\MSI1CAE.tmp-\HD-ShortcutHandler.dll
C:\Users\Shirin\AppData\Local\Temp\MSI153E.tmp-\HD-ShortcutHandler.dll
C:\Users\Shirin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
C:\Users\Shirin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
C:\Users\Shirin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\64bitProxy.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aebb.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aecore.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aeemu.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aeexp.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aegen.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aehelp.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aeheur.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aeoffice.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aepack.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aerdl.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aesbx.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aescn.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aescript.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\aevdf.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\apcfile.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ApnIC.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ApnStub.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ApnToolbarInstaller.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\AppRemover_64.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\AppRemover_API.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\AppRemover_CLI.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avacl.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avadmin.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avarkt.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avbb.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avcenter.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avconfig.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avconfig.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avesvc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avevtlog.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avgio.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avgnt.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avguard.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avinet.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avipc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avlode.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avmres.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avnotify.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avpref.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avreg.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avrep.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avrestart.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avscan.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avscplr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avsda.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avsda64.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avsmtp.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avupgsvc.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwebg7.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwebgrd.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwebloader.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwebloader.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwebloadergui.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwinll.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwmi.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\avwsc.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccavscanex.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccev.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccevw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccgen.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccgenw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccgrdw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccguard.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\cchips.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\cclic.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\cclicw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccmsg.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccprofil.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccquamgr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccquaw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccreport.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccrepow.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccscanw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccsched.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccschedw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccuac.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccupdate.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccupdw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccwebtabs.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccwgrd.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccwgrdw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ccwkrlib.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\cfglib.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\extdlgfw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\fact.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpavgio.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpevtlog.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpgavid.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpgen.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpgenrep.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpgrd.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpgui.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpipc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gplegacy.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\gpschd.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\grdcore.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\guardgui.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\imp64b.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\inssda64.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\insthlp.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ipmgui.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\libapr-1.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\libapriconv-1.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\libaprutil-1.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\libcurl.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\libdb44.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\libeay32.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\licmgr.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\luke.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\mgrs.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\msgclient.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\msvcp80.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\msvcr80.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\netnt.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\onlcfg.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\presetup.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_ar.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_de.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_en.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_es.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_fr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_it.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_jp.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_ko.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_nl.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_pt.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_ru.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_tr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_zhcn.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\rcnwload_zhtw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\scewxmlw.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\sched.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\setup.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\setuppending.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\shlext.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\shlext64.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\sqlite3.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\ssleay32.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\thorwac.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\toastNotifier.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\unacev2.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\update.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\update.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\updext.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\updgui.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\updrgui.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\vcredist_x86.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\wksstats.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\wsctool.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\xp\avshadow.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\vista64\avipc64.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\vista64\avshadow.exe
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\avconfigrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\avesvcr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\avevtrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\avnotify.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\avscanrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\avwebgrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccavscanexrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccevrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccgenrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccgrdrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\cchipsrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\cclicrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccmainrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccmsgrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccquarc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccreporc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccscanrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccscherc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccupdrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccwebtabsrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\ccwgrdrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\factrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\guardmsg.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\licmgr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\lukeres.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\rchelp.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\rcimage.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\rctext.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\restartrc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\schedr.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\setup.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\updaterc.dll
C:\Users\Shirin\AppData\Local\Temp\avnwldrtemp\setup\de-de\updguirc.dll
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\BExternal.dll
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\BUSolForMontiera.dll
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\BUSolution.dll
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\GUninstaller.exe
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\IEHelper.dll
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\MntrDLLInstall.dll
C:\Users\Shirin\AppData\Local\Temp\2FDBB3CD-BAB0-7891-AF80-578B466BFB37\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 09:02

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-09-2013 04
Ran by Shirin at 2013-09-02 11:01:47
Running from C:\Users\Shirin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe (Version: 2.0.5412)
Acer eDataSecurity Management (Version: 3.0.3062)
Acer Empowering Technology (Version: 3.0.3006)
Acer ePower Management (Version: 3.0.3012)
Acer eRecovery Management (Version: 3.0.3013)
Acer eSettings Management (Version: 3.0.3007)
Acer GameZone Console 2.0.1.1
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer ScreenSaver (Version: 1.12.0506)
Acoustica MP3 To Wave Converter PLUS (Version: 2.5)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.5.0 - Deutsch (Version: 9.5.0)
Agatha Christie Death on the Nile
Agere Systems HDA Modem
Alice Greenfingers
Audacity 1.2.6
Audiograbber 1.83 SE  (Version: 1.83 SE)
Avira Free Antivirus (Version: 13.0.0.3885)
Azada
Backspin Billiards
Big Kahuna Reef
Bing Bar (Version: 5.0.1449.0)
Bing Bar Platform (Version: 5.0.1449.0)
Bricks of Egypt
Broadcom Gigabit Integrated Controller (Version: 11.11.03)
Burn4Free CD and DVD
Burn4Free Toolbar (Version: 3.3.0.1)
Cake Mania
calibre (Version: 0.8.4)
Chicken Invaders 3
Chuzzle
Citavi (Version: 3.4.0.2)
Citavi 4 (Version: 4.1.0.3)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
CyberLink PowerDirector (Version: 6.5.3023)
DIE SIEDLER - Aufstieg eines Königreichs (Version: 1.00.0000)
Die Siedler IV
Diner Dash Flo on the Go
Disciples III Version 1.06.3 (Version: 1.06.3)
DivX Plus Web Player (Version: 2.0.0)
Dropbox (HKCU Version: 1.4.17)
EPSON Scan
EPSON-Drucker-Software
eSobi v2 (Version: 2.0.3.000189)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Free Audio Converter version 5.0.6.221 (Version: 5.0.6.221)
Free FLV Converter V 7.4.0 (Version: 7.4.0.0)
Free YouTube Download version 3.0.0.602
Freemake Video Downloader (Version: 3.0.1)
GIMP 2.6.10 (Version: 2.6.10)
Google Toolbar for Internet Explorer (Version: 1.0.0)
GUI for dvdauthor 1.07 (Version: 1.07)
HD Writer AE 3.0 (Version: 3.00.019.1031)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2)
HP Update (Version: 5.002.007.004)
I.R.I.S. OCR (Version: 12.3.4)
ICQ6.5 (Version: 6.5)
ImgBurn (Version: 2.5.7.0)
Incomedia WebSite X5 v10 - Evolution Demo (Version: 10.0.4.28)
Incomedia WebSite X5 v10 - Free (Version: 10.0.6.31)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.32)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller (Version: 1.00.10.04)
Kick N Rush
King's Quest I: Quest for the Crown (4.1) (Version: 4.1)
Lame ACM MP3 Codec
Launch Manager
LightScribe  1.4.142.1 (Version: 1.4.142.1)
MAGIX Web Designer 9 (Version: 9.0.1.27343)
MAGIX Web Designer 9 Premium (Version: 9.0.1.27343)
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marketsplash Schnellzugriffe (Version: 1.0.0.9)
McAfee Security Scan Plus (Version: 3.0.318.3)
McAfee SecurityCenter
Meine CEWE FOTOWELT
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Search Enhancement Pack (Version: 2.0.271.0)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Mobile Partner (Version: 11.302.09.01.528)
Mobipocket Creator 4.2 (Version: 4.2.41)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MuseScore 1.2 MuseScore score typesetter (Version: 1.2.0)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Nero ControlCenter (Version: 11.0.15200)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.18100)
Nero CoverDesigner (Version: 12.0.00500)
Nero CoverDesigner (Version: 12.0.9000)
Nero CoverDesigner Help (CHM) (Version: 12.0.2000)
Nero Update (Version: 11.0.11800.31.0)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
NTI Backup Now 5 (Version: 5.1.2.606)
NTI Backup Now Standard (Version: 5.1.2.606)
NTI Media Maker 8 (Version: 8.0.2.6329)
ODF Add-In für Microsoft Office (Version: 4.0.5309.0)
Orion (Version: 2.0.1)
PDF To JPG Converter 2.0.2
PDFCreator (Version: 1.2.1)
Phase 5 HTML-Editor (Version: 5.6.2.3)
Philips SA19XX Device Manager (Version: 1.048.0.0)
PhotoNow! (Version: 1.1.4619)
Port Royale 2
Prerequisite installer (Version: 12.0.0002)
Protect Disc License Helper 1.0.118 (Version: 1.0.118)
ProtectDisc Driver, Version 11 (Version: 11.0.0.11)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5612)
Roulette (Version 1.2) (Version: 1.2)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shogun - Total War - Gold Edition (Version: 1.00.0000)
Sid Meier's Civilization 4 - Beyond the Sword (Version: 3.01)
Sid Meier's Civilization 4 - Warlords (Version: 2.13)
Sid Meier's Civilization 4 (Version: 1.61)
Sid Meier's Civilization 4 (Version: 1.74)
Sid Meier's Civilization IV Colonization (Version: 1.00)
Sid Meier's Civilization V
simplitec simplicheck (Version: 1.3.10.0)
Skype™ 5.9 (Version: 5.9.115)
softonic-de3 Toolbar (Version: 5.7.1.1)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 10.2.4.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Turbo Pizza
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
Update for Office 2007 (KB946691)
Vampires Dawn I: Reign of Blood (Version: Vampires Dawn I: Reign of Blood)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Vista Codec Package (Version: 5.4.9.5)
VLC media player 2.0.1 (Version: 2.0.1)
Web Designer Premium 9 Update (Version: 9.0.3.28277)
Wildlife Park 3 v1.11
Winamp (Version: 5.541 )
Winamp Toolbar for Firefox (Version: 5.5.1.1)
Winamp Toolbar for Internet Explorer (Version: 5.1.28.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR
XMedia Recode Version 3.1.1.6 (Version: 3.1.1.6)
Zuma Deluxe
Zylom Games Player Plugin
 

==================== Restore Points  =========================

19-08-2013 06:26:12 Geplanter Prüfpunkt
21-08-2013 17:43:43 Geplanter Prüfpunkt
23-08-2013 06:18:51 Geplanter Prüfpunkt
25-08-2013 06:48:30 Geplanter Prüfpunkt
26-08-2013 12:02:29 Geplanter Prüfpunkt
27-08-2013 07:12:04 Geplanter Prüfpunkt
29-08-2013 05:26:15 Windows Update
30-08-2013 08:45:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {19F59237-3329-4AB5-A935-0AFAAF7A426E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22D26158-5537-4C1E-97CF-E1E8C33AF395} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {642DEE0C-3A4A-47CC-AF08-3F5E096DEABF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {6B4339E4-492C-47D3-A986-C9FF40237A74} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {90A321E6-CE28-4D45-AC39-481FED710651} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A9C55978-FFBF-4A38-9590-5662439BED74} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1351374770-3214567529-3428670696-1000UA => C:\Users\Shirin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-17] (Facebook Inc.)
Task: {BB0E29C6-02ED-4B03-AD9F-7A58DFBE8DCA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {BD1FF2AA-744B-4EC3-ABF8-DD264EE4D8AE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1351374770-3214567529-3428670696-1000Core => C:\Users\Shirin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-17] (Facebook Inc.)
Task: {C13B14F5-69BB-4CB4-A3D8-976FA7032420} - System32\Tasks\McQcTask => c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04] (McAfee, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FE73E5EF-7BCC-406F-AE1B-868EB0C482D5} - System32\Tasks\McDefragTask => c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04] (McAfee, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1351374770-3214567529-3428670696-1000Core.job => C:\Users\Shirin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1351374770-3214567529-3428670696-1000UA.job => C:\Users\Shirin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 12:04 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
2013-08-30 12:04 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
2008-02-05 17:36 - 2008-06-11 11:21 - 00204800 _____ () C:\Windows\System32\SysHook.dll
2009-09-24 08:32 - 2009-04-11 08:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2012-06-30 06:19 - 2012-06-30 06:19 - 00094208 _____ (Dropbox, Inc.) C:\Users\Shirin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
2012-08-27 06:10 - 2012-08-27 06:10 - 00499712 _____ (Microsoft Corporation) C:\Users\Shirin\AppData\Roaming\Dropbox\bin\MSVCP71.dll
2012-06-18 21:22 - 2012-06-18 21:22 - 00348160 _____ (Microsoft Corporation) C:\Users\Shirin\AppData\Roaming\Dropbox\bin\MSVCR71.dll
2008-05-14 18:05 - 2008-05-14 18:05 - 00121392 _____ (Egis Inc.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
2008-05-14 18:05 - 2008-05-14 18:05 - 00240176 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
2006-11-02 10:34 - 2006-11-02 11:46 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2010-10-13 12:45 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2008-01-21 04:23 - 2008-01-21 04:23 - 02243072 _____ (Microsoft Corporation) C:\Windows\System32\NLSData0007.dll
2008-01-21 04:24 - 2008-01-21 04:24 - 00397312 _____ (Microsoft Corporation) C:\Windows\system32\audioeng.dll
2008-01-21 04:24 - 2008-01-21 04:24 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2009-09-24 08:31 - 2009-04-11 08:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2009-09-24 08:32 - 2009-04-11 08:28 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2009-09-24 08:31 - 2009-04-11 08:28 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2006-11-02 10:40 - 2006-11-02 11:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2008-01-21 04:23 - 2008-01-21 04:23 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2008-09-02 09:09 - 2008-07-11 03:52 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2008-09-02 09:09 - 2008-07-11 03:50 - 00208896 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2006-11-02 14:34 - 2006-11-02 14:34 - 00653928 _____ (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpRes.dll
2008-01-21 04:23 - 2008-01-21 04:23 - 00671288 _____ (Microsoft Corporation) C:\Program Files\Windows Defender\MpRtMon.DLL
2008-02-06 01:45 - 2008-01-18 04:51 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2008-02-06 01:45 - 2008-01-18 05:03 - 00147456 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2009-12-15 12:25 - 2009-12-15 12:25 - 00479232 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll
2013-07-10 07:19 - 2013-04-23 01:00 - 05920408 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-11 12:57 - 2013-07-11 12:57 - 11497984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
2013-01-15 02:13 - 2012-10-05 12:58 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-08-17 14:34 - 2013-08-17 14:34 - 07977984 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
2013-08-17 14:37 - 2013-08-17 14:37 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
2013-08-17 14:39 - 2013-08-17 14:39 - 12434432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
2013-08-17 15:23 - 2013-08-17 15:23 - 00771584 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
2008-02-05 17:32 - 2008-02-05 17:32 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
2008-02-05 17:36 - 2008-06-11 11:20 - 00032768 _____ (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\WMIInterface.dll
2008-02-05 17:32 - 2008-02-05 17:32 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
2008-02-05 17:32 - 2008-02-05 17:32 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2013-08-17 15:23 - 2013-08-17 15:23 - 00212992 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5974034f0f53755b11bde4c9698261cb\System.ServiceProcess.ni.dll
2008-05-14 18:04 - 2008-05-14 18:04 - 00254000 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ADMIN_CLASS_LIB.dll
2008-05-14 18:04 - 2008-05-14 18:04 - 00272944 _____ (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\keyManager.dll
2008-05-14 18:04 - 2008-05-14 18:04 - 00551472 _____ (Egis inc.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\CryptoAPI.dll
2008-05-14 18:05 - 2008-05-14 18:05 - 00199216 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDUtil.dll
2008-05-14 18:05 - 2008-05-14 18:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-05-14 18:04 - 2008-05-14 18:04 - 00103472 _____ (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSop.dll
2012-03-05 13:08 - 2012-03-05 13:08 - 00065536 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80DEU.DLL
2009-09-24 08:32 - 2009-03-30 06:42 - 00074048 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
2008-05-14 18:04 - 2008-05-14 18:04 - 04966960 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\EDS.Windows.Forms.dll
2008-04-28 10:49 - 2008-04-28 10:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2008-11-15 16:40 - 2008-04-15 18:30 - 00204800 _____ (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
2008-11-15 16:40 - 2008-04-15 18:51 - 00077824 _____ (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_DEU.dll
2008-09-02 09:09 - 2008-07-11 03:50 - 00106496 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2008-09-02 09:09 - 2008-07-11 03:51 - 00051712 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2008-09-02 09:09 - 2008-07-11 03:56 - 00274432 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2008-02-06 01:45 - 2008-07-02 04:50 - 00047888 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\CDRomUtl.dll
2008-02-06 01:45 - 2008-07-02 04:50 - 00105312 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\ComFnUtl.dll
2008-02-06 01:45 - 2008-07-02 04:51 - 00068368 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\MixerUtl.dll
2008-02-06 01:45 - 2008-07-02 04:51 - 00154464 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\OSDUtl.dll
2008-02-06 01:45 - 2008-07-02 04:51 - 00084568 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\RgnMaker.dll
2008-02-06 01:45 - 2008-07-02 04:52 - 00068368 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\SzUPFUtl.dll
2008-02-06 01:45 - 2008-07-02 04:52 - 00060176 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\Wnd2File.dll
2008-02-06 01:45 - 2008-07-02 04:52 - 00056080 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\SzPtcUtl.dll
2008-02-06 01:45 - 2008-07-02 04:51 - 00084752 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\LgKCUtl.Dll
2008-02-06 01:45 - 2008-07-02 04:50 - 00064272 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\DialCnt.Dll
2008-02-06 01:45 - 2008-07-02 04:52 - 00158480 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\VistaVol.DLL
2008-02-06 01:45 - 2008-07-02 04:51 - 00256520 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\MMDUtl.DLL
2008-09-02 09:09 - 2008-07-11 03:51 - 00024576 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2008-02-06 01:45 - 2008-01-18 04:51 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\Syncom.dll
2008-02-06 01:45 - 2008-07-02 04:51 - 00059912 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\NTKCUtl.dll
2008-02-06 01:45 - 2008-07-02 04:52 - 00096776 _____ (Dritek System Inc.) C:\Program Files\Launch Manager\WHookCtl.dll
2008-05-29 18:44 - 2008-05-29 18:44 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2008-05-29 18:44 - 2008-05-29 18:44 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll
2008-05-29 18:44 - 2008-05-29 18:44 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.dll
2008-05-29 18:44 - 2008-05-29 18:44 - 00047616 ____N (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\Common\CLRCEngine3.dll
2008-05-29 18:44 - 2008-05-29 18:44 - 00753664 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2006-10-26 22:41 - 2006-10-26 22:41 - 00044344 _____ (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
2010-10-13 12:47 - 2010-09-13 17:46 - 10628096 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2010-10-13 12:47 - 2010-09-13 15:56 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.dll
2008-05-29 18:44 - 2008-05-29 18:44 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2008-11-15 17:15 - 2008-05-09 12:55 - 01060864 ____N (Microsoft Corporation) C:\Program Files\Acer Arcade Deluxe\PlayMovie\MFC71.DLL
2008-11-15 17:15 - 2008-05-09 12:55 - 00348160 ____N (Microsoft Corporation) C:\Program Files\Acer Arcade Deluxe\PlayMovie\MSVCR71.dll
2008-11-15 17:15 - 2008-05-09 12:55 - 00499712 ____N (Microsoft Corporation) C:\Program Files\Acer Arcade Deluxe\PlayMovie\MSVCP71.dll
2010-04-26 16:07 - 2010-04-26 16:07 - 00121856 _____ (Microsoft Corporation) C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\XmlLite.dll
2009-08-17 21:34 - 2009-08-17 21:34 - 00876872 _____ ( Microsoft Corporation) C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
2009-09-24 08:32 - 2009-04-11 08:28 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2009-08-17 21:34 - 2009-08-17 21:34 - 04508992 _____ (Microsoft Corporation) C:\Program Files\Microsoft Silverlight\3.0.40818.0\agcore.dll
2011-05-20 14:40 - 2010-04-27 16:39 - 00325976 _____ (Microsoft Corp.) C:\Users\Shirin\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll
2009-08-17 21:34 - 2009-08-17 21:34 - 03077952 _____ (Microsoft Corporation) C:\Program Files\Microsoft Silverlight\3.0.40818.0\coreclr.dll
2011-04-22 15:23 - 2011-04-22 15:23 - 00095064 _____ (Microsoft Corp.) C:\Users\Shirin\AppData\Local\Microsoft\Toolbar\Applications\SCExtension.dll
2011-04-22 15:23 - 2011-04-22 15:23 - 00447832 _____ (Microsoft Corp.) C:\Users\Shirin\AppData\Local\Microsoft\Toolbar\Applications\WLExtension.dll
2009-08-18 11:30 - 2009-08-18 11:30 - 00807832 _____ (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2009-08-17 21:34 - 2009-08-17 21:34 - 00171856 _____ ( Microsoft Corporation) C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrlUI.dll
2009-08-17 21:34 - 2009-08-17 21:34 - 00010576 _____ (Microsoft Corporation) C:\Program Files\Microsoft Silverlight\3.0.40818.0\de\mscorrc.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 04422992 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2011-02-19 01:40 - 2011-02-19 01:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-02-20 00:03 - 2011-02-20 00:03 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-06-03 16:33 - 2013-06-26 11:15 - 00739384 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
2013-06-03 16:33 - 2013-06-26 11:13 - 00054840 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cfglib.dll
2013-06-03 16:32 - 2013-06-26 11:15 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccguard.dll
2013-06-03 16:32 - 2013-06-03 16:09 - 00030432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdrc.dll
2013-06-03 16:32 - 2013-06-26 11:15 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgrdw.dll
2013-06-03 16:33 - 2013-06-26 11:15 - 00378424 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
2013-06-03 16:33 - 2013-06-26 11:15 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\gpipc.dll
2013-06-03 16:32 - 2013-06-26 11:13 - 00059448 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avipc.dll
2013-06-03 16:33 - 2013-06-26 11:15 - 00418872 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccwgrd.dll
2013-06-03 16:32 - 2013-06-26 11:15 - 00790584 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgen.dll
2013-06-03 16:32 - 2013-06-26 11:15 - 00049208 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccgenrc.dll
2013-06-03 16:33 - 2013-06-26 11:15 - 00219192 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdate.dll
2013-06-03 16:33 - 2013-06-03 16:10 - 00029472 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccupdrc.dll
2013-06-03 16:32 - 2013-06-26 11:15 - 00082488 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclic.dll
2013-06-03 16:32 - 2013-06-03 16:10 - 00011632 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\cclicrc.dll
2013-06-03 16:32 - 2013-06-26 11:15 - 00207928 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsg.dll
2013-06-03 16:32 - 2013-06-03 16:10 - 00010608 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmsgrc.dll
2013-06-03 16:33 - 2013-06-03 16:04 - 04780832 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
2013-06-03 16:32 - 2013-06-03 16:10 - 00016240 _____ (Avira Operations GmbH & Co. KG) c:\program files\avira\antivir desktop\ccmainrc.dll
2013-06-03 16:33 - 2013-06-26 11:15 - 00212536 _____ (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
2013-08-16 08:18 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 07:18 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\D3D10Warp.dll
2006-11-02 14:35 - 2006-11-02 14:35 - 00063488 _____ (Microsoft Corporation) C:\Program Files\Windows Sidebar\wlsrvc.dll
2013-07-10 07:18 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-10 07:18 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2008-09-02 09:09 - 2008-07-11 04:17 - 00536576 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
2008-09-02 09:09 - 2008-07-11 04:20 - 03313664 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
2008-01-21 04:24 - 2008-01-21 04:24 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\D3DIM700.DLL
2010-10-07 00:29 - 2010-10-07 00:29 - 00149560 _____ (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\gtn.dll
2010-10-07 00:29 - 2010-10-07 00:29 - 00842296 _____ (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2008-01-21 04:25 - 2008-01-21 04:25 - 00195072 _____ (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnssci.dll
2012-02-27 12:46 - 2012-02-27 12:46 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\Dxtrans.dll
2006-11-02 11:03 - 2006-11-02 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\ddrawex.dll
2012-02-27 12:46 - 2012-02-27 12:46 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\Dxtmsft.dll
2009-09-24 08:32 - 2009-04-11 08:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Shirin\Desktop\ManuelBerger_Menschen.mpg:TOC.WMV

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #2
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #3
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #4
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #5
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #6
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #8
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #9
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #7
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-6zu4-Adapter #10
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2013 10:57:13 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1460
Anfangszeit: 01cea7b9e9342bec
Zeitpunkt der Beendigung: 35

Error: (09/02/2013 10:49:59 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: bb8
Anfangszeit: 01cea7b8e6d0dcfc
Zeitpunkt der Beendigung: 127

Error: (09/02/2013 10:46:12 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 137c
Anfangszeit: 01cea7b877017b0c
Zeitpunkt der Beendigung: 66

Error: (09/02/2013 10:43:12 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13c8
Anfangszeit: 01cea7b7d4d9cadc
Zeitpunkt der Beendigung: 499

Error: (09/02/2013 08:08:32 AM) (Source: Google Update) (User: Black-Pearl)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/02/2013 08:06:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 08:08:11 PM) (Source: Google Update) (User: Black-Pearl)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (08/30/2013 05:13:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2013 05:08:07 PM) (Source: Google Update) (User: Black-Pearl)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (08/30/2013 02:08:09 PM) (Source: Google Update) (User: Black-Pearl)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned


System errors:
=============
Error: (09/02/2013 08:06:36 AM) (Source: Service Control Manager) (User: )
Description: BlueStacks Log Rotator Service%%2

Error: (09/02/2013 08:06:36 AM) (Source: Service Control Manager) (User: )
Description: BlueStacks Hypervisor%%3

Error: (08/30/2013 05:13:26 PM) (Source: Service Control Manager) (User: )
Description: BlueStacks Log Rotator Service%%2

Error: (08/30/2013 05:13:26 PM) (Source: Service Control Manager) (User: )
Description: BlueStacks Hypervisor%%3

Error: (08/30/2013 11:41:42 AM) (Source: Service Control Manager) (User: )
Description: 30000EMDMgmt

Error: (08/30/2013 11:41:12 AM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (08/30/2013 11:40:43 AM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (08/30/2013 07:24:01 AM) (Source: Service Control Manager) (User: )
Description: BlueStacks Log Rotator Service%%2

Error: (08/30/2013 07:24:01 AM) (Source: Service Control Manager) (User: )
Description: BlueStacks Hypervisor%%3

Error: (08/29/2013 08:43:35 PM) (Source: Service Control Manager) (User: )
Description: BlueStacks Log Rotator Service%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-30 22:25:05.089
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:25:04.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:25:03.386
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:25:02.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:25:01.675
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:25:00.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:24:59.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:24:58.857
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:24:57.993
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-30 22:24:57.157
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3000.12 MB
Available physical RAM: 1514.74 MB
Total Pagefile: 6224.52 MB
Available Pagefile: 4536.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.81 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:18.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:111.44 GB) (Free:11.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 8CF27C7C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

==================== End Of Log ============================

sehr schlimm?

Ist das Ding jetzt sauber oder eher nicht

schrauber · 02.09.2013, 18:36

Eher nicht, aber entspann dich, wir machen das schon

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Vielleicht gvu/bka virus

Plagegeister aller Art und deren Bekämpfung: Vielleicht gvu/bka virus