| |
| |||||||
Log-Analyse und Auswertung: Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer BildschirmWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.09.2013, 12:46
| #1 |
  |  Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Hallo, vor wenigen Tagen erhielt ich den Laptop einer Freundin zu welchem ihr Sohn ebenfalls Zugang hat. Offensichtlich mit starkem Befall. Da die beiden ebenfalls keine Ahnung haben, baten sie mich um Hilfe und ich hiermit euch. Kurze Info zum Laptop: Er wurde von einem Gebrauchthändler gekauft, inkl. Windows. Da kein Windows-Aufkleber auf ihm vorhanden ist, zweifle ich an der Echtheit von Windows. Wie kann man soetwas herausfinden? Zum eigentlichen, In abgesicherten Modi booten: Nach Anmeldung sofort automatischer Neustart. Normal booten: Nach Anmelden Weißer Bildschirm, ausser Neustart nichts mehr möglich. Um wenigstens das Bootproblem zu lösen half das Programm "HitmanPro" (von Botfrei.de) Log: siehe Anhang, da zu lang Ich bezweifle dass der Computer schon Virenfrei ist, dafür fand der erste Scan viel zu viel. Hier die Logs von defogger, FRST & Gmer: defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:36 on 13/09/2013 (user)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by user (administrator) on USER-PC on 13-09-2013 12:38:59
Running from C:\Users\user\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [Google Update] - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-03] (Google Inc.)
HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
MountPoints2: {ffb082ce-cab1-11e2-8597-00262285f644} - F:\Autorun.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69ECB89E889CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=46364&st=home&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=3201&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=1&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=122471&babsrc=SP_ss&mntrId=F4B0904CE5293AE5
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=816cc1db-8aeb-4c3c-ac3c-4bb3af7706e3&searchtype=ds&q={searchTerms}&installDate=01/01/1970
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\user\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
FF Extension: General Crawler - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974"
CHR DefaultSearchURL: (qvo6) - hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974&type=default&q={searchTerms}
CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (widdit) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnkmdadebfapiihcaiajaplpmpfgpnh\2.1_0\npwiddit.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Acrobat3\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\user\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (DealPly Shopping) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci\3.5.3.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files\PutLockerDownloader\putlockerdownloader10.crx
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\user\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\user\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [278016 2013-07-09] ()
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
==================== Drivers (Whitelisted) ====================
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-05-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [20992 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [13824 2011-04-12] (TPMX Electronics Ltd.)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-12] (Avira GmbH)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 taphss; system32\DRIVERS\taphss.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:37 - 2013-09-13 12:32 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:37 - 2013-09-13 12:28 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-13 12:36 - 2013-09-13 12:36 - 00000470 _____ C:\Users\user\Desktop\defogger_disable.log
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:36 - 2013-09-13 12:34 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 10:22 - 2013-09-13 12:26 - 00000168 _____ C:\Windows\setupact.log
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-09-12 01:50 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-09-12 01:50 - 2009-09-02 11:16 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-09-12 01:45 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-12 01:45 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-12 01:45 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-12 01:45 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-12 01:45 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-12 01:45 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-12 01:45 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-12 01:45 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-12 01:45 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-12 01:45 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-12 01:45 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-12 01:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-12 01:45 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-12 01:45 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-12 01:45 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:43 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-09-12 01:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:38 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 01:38 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 01:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 01:38 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-12 01:38 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-12 01:38 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-12 01:38 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-12 01:38 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-12 01:37 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 01:34 - 2013-09-12 01:33 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:11 - 2013-09-12 09:16 - 00000000 ____D C:\Windows\pss
2013-09-12 00:53 - 2013-09-12 01:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 00:53 - 2013-09-12 01:06 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:30 - 2013-09-12 00:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-05 21:13 - 2013-09-11 16:25 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-04 22:33 - 2013-09-04 22:36 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-04 22:31 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-04 22:25 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:56 - 2013-09-02 19:57 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 15:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-02 15:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-02 15:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-02 15:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-02 15:28 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-02 15:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-02 15:28 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-02 15:28 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-02 15:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:24 - 2013-08-17 00:26 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
2013-08-15 18:10 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar
2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira
==================== One Month Modified Files and Folders =======
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:36 - 2013-09-13 12:36 - 00000470 _____ C:\Users\user\Desktop\defogger_disable.log
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 12:34 - 2013-09-13 12:36 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 12:33 - 2012-08-27 16:44 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 12:33 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-13 12:33 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-13 12:32 - 2013-09-13 12:37 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:29 - 2013-08-13 19:58 - 00781776 _____ C:\Windows\WindowsUpdate.log
2013-09-13 12:28 - 2013-09-13 12:37 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-13 12:26 - 2013-09-13 10:22 - 00000168 _____ C:\Windows\setupact.log
2013-09-13 12:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:22 - 2012-09-03 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 09:20 - 2012-09-03 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-12 09:20 - 2012-09-03 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 09:20 - 2012-08-27 15:25 - 00000000 ____D C:\Windows\Panther
2013-09-12 09:16 - 2013-09-12 01:11 - 00000000 ____D C:\Windows\pss
2013-09-12 09:16 - 2012-12-15 01:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2012-09-03 20:27 - 00000000 ____D C:\Program Files\Intel
2013-09-12 01:47 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-12 01:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:40 - 2013-08-12 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 01:39 - 2012-09-07 11:10 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 01:33 - 2013-09-12 01:34 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:14 - 2013-02-03 20:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job
2013-09-12 01:06 - 2013-09-12 00:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 01:06 - 2013-09-12 00:53 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 01:00 - 2013-08-13 19:41 - 00000000 ____D C:\Program Files\WinZipper
2013-09-12 00:59 - 2012-09-13 16:52 - 00000000 ____D C:\Program Files\DsNET Corp
2013-09-12 00:54 - 2013-09-12 00:30 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-12 00:53 - 2013-08-13 04:15 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner (2)
2013-09-12 00:53 - 2013-08-13 03:39 - 00000000 ____D C:\Users\user\AppData\Roaming\Desk 365
2013-09-12 00:53 - 2013-08-13 03:39 - 00000000 ____D C:\ProgramData\eSafe
2013-09-11 16:25 - 2013-09-05 21:13 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-05 08:14 - 2013-02-03 20:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job
2013-09-04 22:36 - 2013-09-04 22:33 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:31 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-04 22:26 - 2013-09-04 22:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-03 04:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:57 - 2013-09-02 19:56 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 16:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-02 16:16 - 2013-04-04 19:45 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-02 16:16 - 2013-02-03 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-02 16:16 - 2012-12-15 01:12 - 00000000 ___RD C:\Program Files\Skype
2013-09-02 16:16 - 2012-09-14 18:57 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-09-02 16:16 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\CCleaner
2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-02 16:14 - 2012-12-15 01:12 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 16:14 - 2012-09-08 10:00 - 00000000 ____D C:\ProgramData\Real
2013-09-02 16:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ____D C:\Windows\system32\directx
2013-08-17 00:26 - 2013-08-17 00:24 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
2013-08-15 17:57 - 2013-08-15 18:10 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar
2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar
2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar
2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira
Files to move or delete:
====================
C:\Users\Alles\NosTale[DE]Lvl,Job Bot.exe
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-12 09:58
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013
Ran by user at 2013-09-13 12:39:54
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Acrobat Reader 3.0
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Akamai NetSession Interface
Avira Free Antivirus (Version: 13.0.0.4052)
CCleaner (Version: 4.02)
Command & Conquer Windows 95
DivX-Setup (Version: 2.6.1.22)
Game Booster 3 (Version: 3.4)
Google Chrome (HKCU Version: 29.0.1547.66)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel(R) TV Wizard
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
League of Legends (Version: 1.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nexon Game Manager
NVIDIA PhysX (Version: 9.10.0129)
Radio.fx
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RocketDock 1.3.5
RuneScape Launcher 1.2.2 (Version: 1.2.2)
Skype™ 6.5 (Version: 6.5.158)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Winamp (Version: 5.64 )
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
==================== Restore Points =========================
03-09-2013 01:00:12 Windows Update
03-09-2013 01:34:18 Windows-Sicherung
11-09-2013 12:17:31 Windows-Sicherung
11-09-2013 23:38:35 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0FEBE866-0D45-4BC5-B0E4-32F381A86924} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-07-09] ()
Task: {10D13FE9-DB91-4185-A5C5-00C7643AD394} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {20E2D111-3877-4DCC-81DE-28D7A3F482FF} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-06] ()
Task: {221A7075-ED51-4A0F-996D-3CB66535EC91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {42A3DCCB-3B62-49E0-B9D3-32858D0F956B} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files\Omiga Plus\omigaplus.exe
Task: {49AA6FDC-7B8B-4BC3-AC0B-DDBF86A896AB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {5CDD061D-62CA-4CA9-9E69-E1EDD5508E51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12] (Adobe Systems Incorporated)
Task: {73A05E22-1452-4654-84DF-5A4C99433BB9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {83CF2527-B8D3-43D4-9E45-EA3C0D8C7244} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {8D77BCB9-3E5F-4887-9101-E2F37C80CE50} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2013-09-02] ()
Task: {90AE8D60-35E9-4DD5-9B75-D7A33FB07D56} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {AE402E78-1860-4EF2-95E7-0BECC5221281} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {AEE18223-E9ED-4464-9249-58B59BFC85C0} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-11-17] (RealNetworks, Inc.)
Task: {BDC278DC-1449-4352-A238-57EC0D18EC58} - System32\Tasks\Freemium1ClickMaint => C:\Users\user\Downloads\1Click.exe
Task: {C634BB63-6A51-4E45-947E-120DFD16C301} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {C751AA88-1EAD-4077-BBA4-827450C87A52} - System32\Tasks\Dealply => C:\Users\user\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: {CED1312B-0E7C-4DD8-BC87-0F858C178994} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {D6B1E253-603D-4295-967A-7696A7310447} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {F13D8727-32A2-4321-A51B-746977B3436C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {FFFC673F-5F30-4681-A8BA-E8138BC16F94} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\user\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-19 15:36 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2013-05-17 21:51 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2009-09-02 18:21 - 2009-09-02 18:21 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
==================== Alternate Data Streams (whitelisted) ==========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2013 01:01:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/12/2013 00:56:38 AM) (Source: MsiInstaller) (User: user-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011004}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/12/2013 00:55:15 AM) (Source: ESENT) (User: )
Description: taskhost (2224) Versuch, Datei "C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
System errors:
=============
Error: (09/13/2013 00:26:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/13/2013 10:43:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/13/2013 10:43:35 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 13.09.2013 um 10:41:19 unerwartet heruntergefahren.
Error: (09/13/2013 10:22:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/12/2013 09:14:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (09/12/2013 01:51:13 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
Error: (09/12/2013 01:49:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (09/12/2013 01:01:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"G:\HitmanPro_x64.exe
Error: (09/12/2013 00:56:38 AM) (Source: MsiInstaller)(User: user-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011004}1625(NULL)(NULL)(NULL)
Error: (09/12/2013 00:55:15 AM) (Source: ESENT)(User: )
Description: taskhost2224C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 3001.98 MB
Available physical RAM: 2248 MB
Total Pagefile: 6002.24 MB
Available Pagefile: 5075.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.42 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.04 GB) (Free:40.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149 GB) (Free:81.65 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 08D908D8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=0C)
==================== End Of Log ============================
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-13 12:57:04
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: bpkhnbrj.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- System - GMER 2.1 ----
SSDT 8E4A8196 ZwCreateSection
SSDT 8E4A81A0 ZwRequestWaitReplyPort
SSDT 8E4A819B ZwSetContextThread
SSDT 8E4A81A5 ZwSetSecurityObject
SSDT 8E4A81AA ZwSystemDebugControl
SSDT 8E4A8137 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C4BA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C85212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8C58C 4 Bytes [96, 81, 4A, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C8C8E8 4 Bytes CALL CD4A696F
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8C92C 4 Bytes [9B, 81, 4A, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C8C9A8 4 Bytes [A5, 81, 4A, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8C9FC 4 Bytes [AA, 81, 4A, 8E]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7685F4EB 5 Bytes JMP 0067B780 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}
---- EOF - GMER 2.1 ----
Des Weiteren weiß ich nicht wieviele oder welche installierten Programme behaftet sind. Gruß, Geisteskr4nk bzw. Chris
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung  |
|
13.09.2013, 13:19
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ |
|
13.09.2013, 13:55
| #3 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Hallo Cosinus,
__________________vielen Dank für die schnelle Antwort. hier das Log von Combofix: Code:
ATTFilter ComboFix 13-09-13.01 - user 13.09.2013 14:43:58.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3002.2081 [GMT 2:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((( Dateien erstellt von 2013-08-13 bis 2013-09-13 ))))))))))))))))))))))))))))))
2013-09-13 12:48:31 . 2013-09-13 12:48:31 -------- d---a-w- C:\Users\Default\AppData\Local\temp
2013-09-13 10:38:38 . 2013-09-13 10:38:38 -------- d-----w- C:\FRST
2013-09-11 23:50:32 . 2009-09-02 09:18:58 398848 ----a-w- C:\Windows\system32\TVWizudlg.exe
2013-09-11 23:50:31 . 2009-09-02 09:18:32 140288 ----a-w- C:\Windows\system32\igfxtvcx.dll
2013-09-11 23:50:30 . 2013-09-11 23:50:31 -------- d-----w- C:\Windows\system32\Lang
2013-09-11 23:43:48 . 2013-09-11 23:43:48 -------- d-----w- C:\Intel
2013-09-11 23:43:38 . 2013-09-11 23:43:38 -------- d-----w- C:\Windows\system32\x64
2013-09-11 23:43:38 . 2009-09-02 16:56:48 1002008 ----a-w- C:\Windows\system32\igxpun.exe
2013-09-11 23:38:28 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\system32\qdvd.dll
2013-09-11 23:37:47 . 2013-08-08 01:03:07 2348544 ----a-w- C:\Windows\system32\win32k.sys
2013-09-11 23:34:00 . 2013-09-11 23:33:47 66144 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-09-11 23:30:44 . 2013-09-11 23:30:05 88840 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-09-11 23:30:44 . 2013-09-11 23:30:05 37352 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-09-11 23:30:44 . 2013-09-11 23:30:05 136672 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-09-11 22:53:33 . 2013-09-11 23:06:13 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2013-09-11 22:30:44 . 2013-09-11 22:54:05 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-03 14:10:07 . 2013-08-06 07:28:16 7166848 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C719F4F7-7F2E-44CC-92B8-21B99FB2C33D}\mpengine.dll
2013-09-02 13:28:43 . 2013-07-09 04:50:42 652800 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-09-02 13:28:36 . 2013-07-06 05:05:35 1293760 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-09-02 13:28:22 . 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2013-09-02 13:28:22 . 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-09-02 13:28:22 . 2013-07-09 04:53:46 1289096 ----a-w- C:\Windows\system32\ntdll.dll
2013-09-02 13:28:19 . 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\system32\crypt32.dll
2013-09-02 13:28:18 . 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\system32\wintrust.dll
2013-09-02 13:28:18 . 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-09-02 13:28:18 . 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\system32\cryptnet.dll
2013-09-02 13:28:13 . 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-09-02 13:28:04 . 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-09-02 13:27:59 . 2013-06-15 03:38:43 31232 ----a-w- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-17 00:24:43 . 2013-08-17 00:24:43 -------- d-----w- C:\ProgramData\IObit
2013-08-17 00:24:43 . 2013-08-17 00:24:43 -------- d-----w- C:\Program Files\IObit
2013-08-15 12:20:42 . 2013-08-15 12:20:42 -------- d-----w- C:\Users\user\AppData\Roaming\Avira
2013-08-15 12:19:25 . 2013-08-15 12:19:25 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-08-15 12:19:25 . 2013-08-15 12:19:25 -------- d-----w- C:\Program Files\AskPartnerNetwork
2013-08-15 12:17:30 . 2013-08-15 12:17:41 -------- d-----w- C:\ProgramData\Avira
2013-08-15 12:17:30 . 2013-08-15 12:17:30 -------- d-----w- C:\Program Files\Avira
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-09-12 07:20:11 . 2012-09-03 15:46:01 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 07:20:11 . 2012-09-03 15:46:01 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-08-13 17:41:32 . 2011-02-19 21:03:12 421032 ----a-w- C:\Windows\system32\msvcp100.dll
2013-08-13 17:41:32 . 2011-02-18 22:40:50 773800 ----a-w- C:\Windows\system32\msvcr100.dll
2013-08-07 02:22:04 . 2012-09-03 15:26:18 238872 ------w- C:\Windows\system32\MpSigStub.exe
2013-07-19 15:34:39 . 2013-07-19 15:34:44 94632 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2013-07-19 15:34:39 . 2012-09-15 12:14:20 789416 ----a-w- C:\Windows\system32\deployJava1.dll
2013-07-19 15:34:39 . 2012-09-15 12:14:19 867240 ----a-w- C:\Windows\system32\npDeployJava1.dll
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 06:42:10 241152]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 10:37:26 958576]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-11 23:29:31 347192]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-02 16:18:44 135168]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-02 16:18:32 167424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-02 16:18:22 144384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK
backup=C:\Windows\pss\Radio.fx.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^301b5fcf8ce2fab8868e80b6c1f912fe.exe]
path=C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\301b5fcf8ce2fab8868e80b6c1f912fe.exe
backup=C:\Windows\pss\301b5fcf8ce2fab8868e80b6c1f912fe.exe.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-04 23:01:52 4489472 ----a-w- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13:34 450560 ----a-w- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfxsrvtray]
2013-02-07 16:38:54 1838872 ----a-w- C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58:52 495616 ----a-w- C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27:20 19603048 ----a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Akamai NetSession Interface"="C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
"Clownfish"="C:\Program Files\Clownfish\Clownfish.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"SDP"=C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto
"Optimizer Pro"=C:\Program Files\Optimizer Pro\OptProLauncher.exe
"KPeerNexonEU"=C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"301b5fcf8ce2fab8868e80b6c1f912fe"="C:\Users\user\AppData\Local\Temp\System.exe" ..
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
"Aeria Ignite"="C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
"LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"Persistence"=C:\Windows\system32\igfxpers.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
R2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);G:\HitmanPro.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2013-06-03 14:21:54 162408]
R2 SystemStoreService;System Store;C:\Program Files\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x]
R3 apf003;apf003;C:\Windows\system32\apf003.sys [2013-05-19 18:10:19 13232]
R3 EagleXNt;EagleXNt;C:\Windows\system32\drivers\EagleXNt.sys [x]
R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);C:\Windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 08:44:52 20992]
R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);C:\Windows\system32\Drivers\HPub4DE3.sys [2011-04-12 09:46:00 13824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 14:21:14 34896]
R3 t_mouse.sys;HID-compliand device;C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 06:42:08 5120]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:40:25 49664]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-07 12:26:04 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 04:08:46 14416]
R3 XDva399;XDva399;C:\Windows\system32\XDva399.sys [x]
R3 XDva401;XDva401;C:\Windows\system32\XDva401.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-09-11 23:29:37 815160]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-09-11 23:30:05 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-01 12:16:57 242240]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-09-11 23:29:55 84024]
S2 Radio.fx;Radio.fx Server;C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [2013-06-03 11:06:20 3999512]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 22:02:47 50688]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - KXLDAPOB
*Deregistered* - kxldapob
Inhalt des "geplante Tasks" Ordners
2013-09-13 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 15:46:01 . 2013-09-12 07:20:12]
2013-09-05 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job
- C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03 18:00:41 . 2013-02-03 18:00:40]
2013-09-13 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job
- C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03 18:00:41 . 2013-02-03 18:00:40]
------- Zusätzlicher Suchlauf -------
uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=816cc1db-8aeb-4c3c-ac3c-4bb3af7706e3&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
LSP: C:\Program Files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HitmanPro37CrusaderBoot]
"ImagePath"="\"G:\HitmanPro.exe\" /crusader:boot"
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-390601350-1865464865-2767028540-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,03,94,f3,41,af,1c,2a,b6,62,4a,90,dc,ee,f7,3e,0c,f8,e3,37,51,1a,c0,
11,86,46,0a,eb,97,2e,8c,ed,20,70,2e,f3,41,e3,87,ae,8f,5f,0c,ba,9f,b5,df,4e,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Chris
__________________ |
|
13.09.2013, 14:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.09.2013, 15:11
| #5 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Hallo, beim 1. Durchlauf funkte mir Avira dazwischen, hier das 2. Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.09.13.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [administrator]
13.09.2013 15:49:10
mbar-log-2013-09-13 (15-49-10).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238123
Time elapsed: 12 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=46364&st=chrome&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q=) Good: (hxxp://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> Replace on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\user\Desktop\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> Delete on reboot.
C:\Users\user\Desktop\Neuer Ordner\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> Delete on reboot.
C:\Users\user\AppData\Roaming\user-wchelper.dll (Trojan.Agent.Gen) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.09.13.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [administrator]
13.09.2013 15:29:41
mbar-log-2013-09-13 (15-29-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238026
Time elapsed: 18 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> No action taken.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (hxxp://search.certified-toolbar.com?si=46364&st=chrome&tid=3869&ver=3.5&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q=) Good: (hxxp://www.google.com/) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WXP0A99J9039J9039&ts=1376357974) Good: (hxxp://www.google.com) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\user\Desktop\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> No action taken.
C:\Users\user\Desktop\Neuer Ordner\Fusion-Network\metin2client.bin (RiskWare.Tool.CK) -> No action taken.
C:\Users\user\AppData\Roaming\user-wchelper.dll (Trojan.Agent.Gen) -> No action taken.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Chris
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung |
|
13.09.2013, 15:34
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Nach dem Entfernen MUSS MBAR nochmal ausgeführt werden!
__________________ --> Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm |
|
13.09.2013, 15:37
| #7 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Getan, Meldung: kein Fund. Log nötig? Edit: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.09.13.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-PC [administrator]
13.09.2013 16:17:00
mbar-log-2013-09-13 (16-17-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238203
Time elapsed: 13 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung Geändert von Geisteskr4nk (13.09.2013 um 16:28 Uhr) |
|
14.09.2013, 12:48
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.09.2013, 14:05
| #9 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Hallo, AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 14/09/2013 um 14:41:55
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : SystemStoreService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Program Files\WinZipper
Ordner Gelöscht : C:\Program Files\Common Files\337
Ordner Gelöscht : C:\users\user\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\users\user\AppData\Local\DownTango
Ordner Gelöscht : C:\users\user\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\users\user\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\users\user\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\users\user\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\users\user\AppData\LocalLow\delta
Ordner Gelöscht : C:\users\user\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\users\user\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\users\user\AppData\Roaming\Babylon
Ordner Gelöscht : C:\users\user\AppData\Roaming\DealPly
Ordner Gelöscht : C:\users\user\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\users\user\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\users\user\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\users\user\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\users\user\AppData\Roaming\OCS
Ordner Gelöscht : C:\users\user\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\users\user\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\users\user\AppData\Roaming\simplitec
Ordner Gelöscht : C:\users\user\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C751AA88-1EAD-4077-BBA4-827450C87A52}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C751AA88-1EAD-4077-BBA4-827450C87A52}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90AE8D60-35E9-4DD5-9B75-D7A33FB07D56}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90AE8D60-35E9-4DD5-9B75-D7A33FB07D56}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42A3DCCB-3B62-49E0-B9D3-32858D0F956B}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42A3DCCB-3B62-49E0-B9D3-32858D0F956B}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FEBE866-0D45-4BC5-B0E4-32F381A86924}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FEBE866-0D45-4BC5-B0E4-32F381A86924}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E2D111-3877-4DCC-81DE-28D7A3F482FF}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20E2D111-3877-4DCC-81DE-28D7A3F482FF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\d28cd9e239b910
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\V9
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\DomaIQ
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\omigaplusSvc
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v
-\\ Google Chrome v
[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [22945 octets] - [14/09/2013 14:41:11]
AdwCleaner[S0].txt - [20246 octets] - [14/09/2013 14:41:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20307 octets] ##########
JRT: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Professional x86
Ran by user on 14.09.2013 at 14:45:40,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricstar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-390601350-1865464865-2767028540-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-390601350-1865464865-2767028540-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-390601350-1865464865-2767028540-1000\Software\Wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HappyLyrics_2802-7edf9df5_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HappyLyrics_2802-7edf9df5_RASMANCS
~~~ Files
Successfully deleted: [File] "C:\Windows\System32\Tasks\desk 365 runasstduser"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ Chrome
Successfully deleted: [Folder] C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Folder] C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.09.2013 at 14:48:00,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by user (administrator) on USER-PC on 14-09-2013 14:56:36
Running from C:\Users\user\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKCU\...\Policies\Explorer: [NoDrives] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69ECB89E889CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=1&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
Chrome:
=======
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
==================== Drivers (Whitelisted) ====================
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-05-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [20992 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [13824 2011-04-12] (TPMX Electronics Ltd.)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-12] (Avira GmbH)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 taphss; system32\DRIVERS\taphss.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt
2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 14:41 - 2013-09-14 14:42 - 00000000 ____D C:\AdwCleaner
2013-09-14 14:40 - 2013-09-14 14:37 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-09-14 14:40 - 2013-09-14 14:37 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 15:19 - 2013-09-13 16:30 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-09-13 15:19 - 2013-09-13 15:18 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe
2013-09-13 14:58 - 2013-09-14 14:42 - 00003060 _____ C:\Windows\PFRO.log
2013-09-13 14:43 - 2013-09-13 14:49 - 00000000 ____D C:\ComboFix
2013-09-13 14:29 - 2013-09-13 14:43 - 00000000 ____D C:\Qoobox
2013-09-13 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-13 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-13 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-13 14:28 - 2013-09-13 14:38 - 00000000 ____D C:\Windows\erdnt
2013-09-13 14:27 - 2013-09-13 14:26 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:37 - 2013-09-13 12:32 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:37 - 2013-09-13 12:28 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:36 - 2013-09-13 12:34 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 10:22 - 2013-09-14 14:43 - 00000560 _____ C:\Windows\setupact.log
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-09-12 01:50 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-09-12 01:50 - 2009-09-02 11:16 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-09-12 01:45 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-12 01:45 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-12 01:45 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-12 01:45 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-12 01:45 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-12 01:45 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-12 01:45 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-12 01:45 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-12 01:45 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-12 01:45 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-12 01:45 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-12 01:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-12 01:45 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-12 01:45 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-12 01:45 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:43 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-09-12 01:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:38 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 01:38 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 01:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 01:38 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-12 01:38 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-12 01:38 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-12 01:38 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-12 01:38 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-12 01:37 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 01:34 - 2013-09-12 01:33 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:11 - 2013-09-12 09:16 - 00000000 ____D C:\Windows\pss
2013-09-12 00:53 - 2013-09-12 01:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 00:53 - 2013-09-12 01:06 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:30 - 2013-09-12 00:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-05 21:13 - 2013-09-11 16:25 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-04 22:33 - 2013-09-04 22:36 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-13 16:02 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-04 22:25 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:56 - 2013-09-02 19:57 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 15:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-02 15:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-02 15:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-02 15:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-02 15:28 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-02 15:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-02 15:28 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-02 15:28 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-02 15:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:24 - 2013-08-17 00:26 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
2013-08-15 18:10 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar
2013-08-15 17:36 - 2013-08-15 17:57 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar
2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira
==================== One Month Modified Files and Folders =======
2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt
2013-09-14 14:50 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 14:50 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 14:43 - 2013-09-13 10:22 - 00000560 _____ C:\Windows\setupact.log
2013-09-14 14:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 14:42 - 2013-09-14 14:41 - 00000000 ____D C:\AdwCleaner
2013-09-14 14:42 - 2013-09-13 14:58 - 00003060 _____ C:\Windows\PFRO.log
2013-09-14 14:42 - 2013-08-13 19:58 - 00839171 _____ C:\Windows\WindowsUpdate.log
2013-09-14 14:41 - 2013-02-03 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-14 14:41 - 2012-08-27 14:54 - 00001146 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-14 14:37 - 2013-09-14 14:40 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-09-14 14:37 - 2013-09-14 14:40 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2013-09-14 11:14 - 2013-02-03 20:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job
2013-09-14 10:55 - 2012-08-27 16:44 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 17:20 - 2012-09-03 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 16:30 - 2013-09-13 15:19 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-09-13 16:20 - 2012-09-03 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-13 16:20 - 2012-09-03 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 16:02 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-13 16:02 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\addins
2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 15:18 - 2013-09-13 15:19 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe
2013-09-13 14:49 - 2013-09-13 14:43 - 00000000 ____D C:\ComboFix
2013-09-13 14:48 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-13 14:43 - 2013-09-13 14:29 - 00000000 ____D C:\Qoobox
2013-09-13 14:38 - 2013-09-13 14:28 - 00000000 ____D C:\Windows\erdnt
2013-09-13 14:38 - 2013-02-03 17:15 - 00000000 ___HD C:\Users\Neuer Ordner (2)
2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\PICS
2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\Alles
2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public
2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-13 14:26 - 2013-09-13 14:27 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-09-13 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 12:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:34 - 2013-09-13 12:36 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 12:32 - 2013-09-13 12:37 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:28 - 2013-09-13 12:37 - 01082459 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 09:20 - 2012-08-27 15:25 - 00000000 ____D C:\Windows\Panther
2013-09-12 09:16 - 2013-09-12 01:11 - 00000000 ____D C:\Windows\pss
2013-09-12 09:16 - 2012-12-15 01:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2012-09-03 20:27 - 00000000 ____D C:\Program Files\Intel
2013-09-12 01:47 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-12 01:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:40 - 2013-08-12 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 01:39 - 2012-09-07 11:10 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 01:33 - 2013-09-12 01:34 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:06 - 2013-09-12 00:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 01:06 - 2013-09-12 00:53 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:59 - 2012-09-13 16:52 - 00000000 ____D C:\Program Files\DsNET Corp
2013-09-12 00:54 - 2013-09-12 00:30 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-12 00:53 - 2013-08-13 04:15 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner (2)
2013-09-11 16:25 - 2013-09-05 21:13 - 00000004 _____ C:\Users\user\AppData\Roaming\cache.ini
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-05 08:14 - 2013-02-03 20:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job
2013-09-04 22:36 - 2013-09-04 22:33 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-04 22:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:57 - 2013-09-02 19:56 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 16:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-02 16:16 - 2013-04-04 19:45 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-02 16:16 - 2012-12-15 01:12 - 00000000 ___RD C:\Program Files\Skype
2013-09-02 16:16 - 2012-09-14 18:57 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-09-02 16:16 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\CCleaner
2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-02 16:14 - 2012-12-15 01:12 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 16:14 - 2012-09-08 10:00 - 00000000 ____D C:\ProgramData\Real
2013-09-02 16:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ____D C:\Windows\system32\directx
2013-08-17 00:26 - 2013-08-17 00:24 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
2013-08-15 17:57 - 2013-08-15 18:10 - 1009950912 _____ C:\Users\user\Desktop\Fusion-Network (2).rar
2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (2).rar
2013-08-15 17:57 - 2013-08-15 17:36 - 1009950912 _____ C:\Users\user\Downloads\Fusion-Network (1).rar
2013-08-15 14:20 - 2013-08-15 14:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-15 14:19 - 2013-08-15 14:19 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-15 14:17 - 2013-08-15 14:17 - 00000000 ____D C:\Program Files\Avira
Files to move or delete:
====================
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
C:\Users\user\AppData\Local\temp\catchme.dll
C:\Users\user\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-12 09:58
==================== End Of Log ============================
--- --- --- Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 Ran by user at 2013-09-14 14:57:02 Running from C:\Users\user\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Acrobat Reader 3.0 Adobe Flash Player 11 ActiveX (Version: 11.8.800.174) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04) Adobe Shockwave Player 11.6 (Version: 11.6.6.636) Akamai NetSession Interface Avira Free Antivirus (Version: 13.0.0.4052) CCleaner (Version: 4.02) Command & Conquer Windows 95 DivX-Setup (Version: 2.6.1.22) Game Booster 3 (Version: 3.4) Google Chrome (HKCU Version: 29.0.1547.66) Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892) Intel(R) TV Wizard Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) League of Legends (Version: 1.3) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Nexon Game Manager NVIDIA PhysX (Version: 9.10.0129) Radio.fx RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealPlayer (Version: 15.0.6) RealUpgrade 1.1 (Version: 1.1.0) RocketDock 1.3.5 RuneScape Launcher 1.2.2 (Version: 1.2.2) Skype™ 6.5 (Version: 6.5.158) swMSM (Version: 12.0.0.1) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Winamp (Version: 5.64 ) WinRAR 4.20 (32-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 03-09-2013 01:00:12 Windows Update 03-09-2013 01:34:18 Windows-Sicherung 11-09-2013 12:17:31 Windows-Sicherung 11-09-2013 23:38:35 Windows Update 13-09-2013 12:29:21 ComboFix created restore point 13-09-2013 13:26:24 Malwarebytes Anti-Rootkit Restore Point 13-09-2013 14:01:47 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== 2009-07-14 04:04 - 2013-09-13 14:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {10D13FE9-DB91-4185-A5C5-00C7643AD394} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.) Task: {221A7075-ED51-4A0F-996D-3CB66535EC91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.) Task: {546F8AFD-6566-4EB5-9F16-96647615A4D8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {5CDD061D-62CA-4CA9-9E69-E1EDD5508E51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated) Task: {6D08A9C8-740B-400B-A170-5DCB95D22FB3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-390601350-1865464865-2767028540-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {83CF2527-B8D3-43D4-9E45-EA3C0D8C7244} - \Desk 365 RunAsStdUser No Task File Task: {8D77BCB9-3E5F-4887-9101-E2F37C80CE50} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2013-09-02] () Task: {AE402E78-1860-4EF2-95E7-0BECC5221281} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {AEE18223-E9ED-4464-9249-58B59BFC85C0} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-11-17] (RealNetworks, Inc.) Task: {BDC278DC-1449-4352-A238-57EC0D18EC58} - System32\Tasks\Freemium1ClickMaint => C:\Users\user\Downloads\1Click.exe Task: {C634BB63-6A51-4E45-947E-120DFD16C301} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30] () Task: {CED1312B-0E7C-4DD8-BC87-0F858C178994} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {D6B1E253-603D-4295-967A-7696A7310447} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {F13D8727-32A2-4321-A51B-746977B3436C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation) Task: {FFFC673F-5F30-4681-A8BA-E8138BC16F94} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-19 15:36 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll 2009-09-02 18:21 - 2009-09-02 18:21 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc 2013-05-17 21:51 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 3001.98 MB Available physical RAM: 2267.24 MB Total Pagefile: 6002.24 MB Available Pagefile: 5076.27 MB Total Virtual: 2047.88 MB Available Virtual: 1927.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:37.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:149 GB) (Free:81.65 GB) FAT32 Drive g: (Transcend) (Removable) (Total:7.55 GB) (Free:7.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 08D908D8) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=0C) ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 070887FE) Partition 1: (Active) - (Size=8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Gruß und schönes Wochenende, Chris
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung |
|
15.09.2013, 19:51
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
C:\Users\user\AppData\Local\temp\catchme.dll
C:\Users\user\AppData\Local\temp\Quarantine.exe
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.09.2013, 21:32
| #11 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Abend, hier das Log: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013
Ran by user at 2013-09-15 22:29:42 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\user\jagex_cl_runescape_LIVE.dat
C:\Users\user\random.dat
C:\Users\user\AppData\Roaming\cache.ini
C:\Users\user\AppData\Local\temp\catchme.dll
C:\Users\user\AppData\Local\temp\Quarantine.exe
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
*****************
C:\Users\user\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\user\random.dat => Moved successfully.
C:\Users\user\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\user\AppData\Local\temp\catchme.dll => Moved successfully.
C:\Users\user\AppData\Local\temp\Quarantine.exe => Moved successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
==== End of Fixlog ====
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung |
|
15.09.2013, 21:45
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Bitte ein frisches Log mit FRST machen. FRST vorher neu runterladen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.09.2013, 00:16
| #13 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Morgen, neues FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2013 05
Ran by user (administrator) on USER-PC on 16-09-2013 01:08:01
Running from C:\Users\user\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Policies\Explorer: [NoDrives] 0
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE69ECB89E889CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=46364&gid=1&dbCode=1&command={searchTerms}
SearchScopes: HKCU - TopResultURLFallback hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.2&ts=1370021485157&tguid=46364-3869-1370021485157-D6E976DE7CEED04F2271008123F09D3A&q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
Chrome:
=======
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
==================== Drivers (Whitelisted) ====================
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-05-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-09-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-01] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [20992 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [13824 2011-04-12] (TPMX Electronics Ltd.)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-12] (Avira GmbH)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 taphss; system32\DRIVERS\taphss.sys [x]
S3 taphss6; system32\DRIVERS\taphss6.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-16 01:03 - 2013-09-16 01:03 - 01084055 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt
2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 14:41 - 2013-09-14 14:42 - 00000000 ____D C:\AdwCleaner
2013-09-14 14:40 - 2013-09-14 14:37 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-09-14 14:40 - 2013-09-14 14:37 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 15:19 - 2013-09-13 16:30 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-09-13 15:19 - 2013-09-13 15:18 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe
2013-09-13 14:58 - 2013-09-14 14:42 - 00003060 _____ C:\Windows\PFRO.log
2013-09-13 14:43 - 2013-09-13 14:49 - 00000000 ____D C:\ComboFix
2013-09-13 14:29 - 2013-09-13 14:43 - 00000000 ____D C:\Qoobox
2013-09-13 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-13 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-13 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-13 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-13 14:28 - 2013-09-13 14:38 - 00000000 ____D C:\Windows\erdnt
2013-09-13 14:27 - 2013-09-13 14:26 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:37 - 2013-09-13 12:32 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:36 - 2013-09-13 12:34 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 10:22 - 2013-09-16 01:06 - 00000672 _____ C:\Windows\setupact.log
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2009-09-02 11:18 - 00398848 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-09-12 01:50 - 2009-09-02 11:18 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-09-12 01:50 - 2009-09-02 11:16 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-09-12 01:45 - 2012-08-23 16:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-12 01:45 - 2012-08-23 16:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-12 01:45 - 2012-08-23 16:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-12 01:45 - 2012-08-23 16:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 16:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-12 01:45 - 2012-08-23 15:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-12 01:45 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-12 01:45 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-12 01:45 - 2012-08-23 15:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-12 01:45 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-12 01:45 - 2012-08-23 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-12 01:45 - 2012-08-23 13:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-12 01:45 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-12 01:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-12 01:45 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-12 01:45 - 2012-08-23 12:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-12 01:45 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:43 - 2009-09-02 18:56 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-09-12 01:42 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 01:42 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 01:42 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 01:42 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 01:42 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 01:42 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 01:38 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 01:38 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 01:38 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 01:38 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 01:38 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 01:38 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 01:38 - 2012-08-24 19:05 - 00136560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-12 01:38 - 2012-08-24 19:02 - 00369856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-12 01:38 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-12 01:38 - 2012-08-24 18:56 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-12 01:38 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-12 01:37 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 01:34 - 2013-09-12 01:33 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:11 - 2013-09-12 09:16 - 00000000 ____D C:\Windows\pss
2013-09-12 00:53 - 2013-09-12 01:06 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 00:53 - 2013-09-12 01:06 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:30 - 2013-09-12 00:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-04 22:33 - 2013-09-04 22:36 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-13 16:02 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-04 22:25 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:56 - 2013-09-02 19:57 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 15:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-02 15:28 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-02 15:28 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-02 15:28 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-02 15:28 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-02 15:28 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-02 15:28 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-02 15:28 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-02 15:28 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-02 15:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:24 - 2013-08-17 00:26 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
==================== One Month Modified Files and Folders =======
2013-09-16 01:06 - 2013-09-13 10:22 - 00000672 _____ C:\Windows\setupact.log
2013-09-16 01:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 01:03 - 2013-09-16 01:03 - 01084055 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2013-09-15 22:36 - 2013-08-13 19:58 - 00845040 _____ C:\Windows\WindowsUpdate.log
2013-09-15 22:28 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-15 22:28 - 2009-07-14 06:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 15:20 - 2012-09-03 17:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 15:14 - 2013-02-03 20:00 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000UA.job
2013-09-14 14:51 - 2013-09-14 14:51 - 00000624 _____ C:\Users\user\Desktop\JRT.txt
2013-09-14 14:45 - 2013-09-14 14:45 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 14:42 - 2013-09-14 14:41 - 00000000 ____D C:\AdwCleaner
2013-09-14 14:42 - 2013-09-13 14:58 - 00003060 _____ C:\Windows\PFRO.log
2013-09-14 14:41 - 2013-02-03 20:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-14 14:41 - 2012-08-27 14:54 - 00001146 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-14 14:37 - 2013-09-14 14:40 - 01037278 _____ C:\Users\user\Desktop\adwcleaner.exe
2013-09-14 14:37 - 2013-09-14 14:40 - 01029509 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2013-09-14 10:55 - 2012-08-27 16:44 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 16:30 - 2013-09-13 15:19 - 00000000 ____D C:\Users\user\Desktop\mbar
2013-09-13 16:20 - 2012-09-03 17:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-13 16:20 - 2012-09-03 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 16:02 - 2013-09-04 22:26 - 00000000 ____D C:\Users\user\Desktop\Fusion-Network
2013-09-13 16:02 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\addins
2013-09-13 15:22 - 2013-09-13 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 15:18 - 2013-09-13 15:19 - 12907592 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.07.0.1005.exe
2013-09-13 14:49 - 2013-09-13 14:43 - 00000000 ____D C:\ComboFix
2013-09-13 14:48 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-13 14:43 - 2013-09-13 14:29 - 00000000 ____D C:\Qoobox
2013-09-13 14:38 - 2013-09-13 14:28 - 00000000 ____D C:\Windows\erdnt
2013-09-13 14:38 - 2013-02-03 17:15 - 00000000 ___HD C:\Users\Neuer Ordner (2)
2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\PICS
2013-09-13 14:38 - 2012-12-19 16:16 - 00000000 ___HD C:\Users\Alles
2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public
2013-09-13 14:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-13 14:26 - 2013-09-13 14:27 - 05125578 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2013-09-13 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 12:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 12:38 - 2013-09-13 12:38 - 00000000 ____D C:\FRST
2013-09-13 12:36 - 2013-09-13 12:36 - 00000000 _____ C:\Users\user\defogger_reenable
2013-09-13 12:34 - 2013-09-13 12:36 - 00050477 _____ C:\Users\user\Desktop\Defogger.exe
2013-09-13 12:32 - 2013-09-13 12:37 - 00377856 _____ C:\Users\user\Desktop\bpkhnbrj.exe
2013-09-13 10:22 - 2013-09-13 10:22 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 10:21 - 2013-09-13 10:21 - 00348096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 09:21 - 2013-09-12 09:21 - 00097656 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-12 09:20 - 2012-08-27 15:25 - 00000000 ____D C:\Windows\Panther
2013-09-12 09:16 - 2013-09-12 01:11 - 00000000 ____D C:\Windows\pss
2013-09-12 09:16 - 2012-12-15 01:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-09-12 01:50 - 2013-09-12 01:50 - 00000000 ____D C:\Windows\system32\Lang
2013-09-12 01:50 - 2012-09-03 20:27 - 00000000 ____D C:\Program Files\Intel
2013-09-12 01:47 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-09-12 01:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Windows\system32\x64
2013-09-12 01:43 - 2013-09-12 01:43 - 00000000 ____D C:\Intel
2013-09-12 01:40 - 2013-08-12 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 01:39 - 2012-09-07 11:10 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 01:33 - 2013-09-12 01:34 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 01:31 - 2013-09-12 01:31 - 00002012 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-12 01:30 - 2013-09-12 01:30 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-12 01:30 - 2013-09-12 01:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2013-09-12 01:06 - 2013-09-12 00:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-09-12 01:06 - 2013-09-12 00:53 - 00000340 _____ C:\Windows\system32\.crusader
2013-09-12 00:59 - 2012-09-13 16:52 - 00000000 ____D C:\Program Files\DsNET Corp
2013-09-12 00:54 - 2013-09-12 00:30 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-12 00:53 - 2013-08-13 04:15 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner (2)
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (9).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (8).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (7).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (6).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (5).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (4).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (3).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (2).zip
2013-09-05 21:13 - 2013-09-05 21:13 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv (1).zip
2013-09-05 21:12 - 2013-09-05 21:12 - 00049281 _____ C:\Users\user\Downloads\movie1080p.mkv.zip
2013-09-05 08:14 - 2013-02-03 20:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390601350-1865464865-2767028540-1000Core.job
2013-09-04 22:36 - 2013-09-04 22:33 - 1119874775 _____ C:\Users\user\Desktop\Fusion-Network.zip
2013-09-04 22:26 - 2013-09-04 22:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2013-09-04 22:16 - 2013-09-04 22:16 - 05829952 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup_de_8.0.20768.exe
2013-09-02 19:57 - 2013-09-02 19:57 - 00001128 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
2013-09-02 19:57 - 2013-09-02 19:56 - 04344120 _____ (IObit ) C:\Users\user\Downloads\gb3-4-setup.exe
2013-09-02 16:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-02 16:16 - 2013-04-04 19:45 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-02 16:16 - 2012-12-15 01:12 - 00000000 ___RD C:\Program Files\Skype
2013-09-02 16:16 - 2012-09-14 18:57 - 00000000 ____D C:\Users\user\AppData\Local\Akamai
2013-09-02 16:16 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\CCleaner
2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-02 16:16 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-02 16:14 - 2012-12-15 01:12 - 00000000 ____D C:\ProgramData\Skype
2013-09-02 16:14 - 2012-09-08 10:00 - 00000000 ____D C:\ProgramData\Real
2013-09-02 16:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\ProgramData\IObit
2013-08-17 02:24 - 2013-08-17 02:24 - 00000000 ____D C:\Program Files\IObit
2013-08-17 00:42 - 2013-08-17 00:42 - 04706130 _____ C:\Users\user\Downloads\3D Cube.zip
2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-17 00:33 - 2012-10-07 12:39 - 00000000 ____D C:\Windows\system32\directx
2013-08-17 00:26 - 2013-08-17 00:24 - 33130822 _____ C:\Users\user\Downloads\Cube.rar
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-12 09:58
==================== End Of Log ============================
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung |
|
16.09.2013, 08:41
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.09.2013, 13:23
| #15 |
| | Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm Hallo, hier die Logs: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.16.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 user :: USER-PC [Administrator] Schutz: Aktiviert 16.09.2013 10:39:43 mbam-log-2013-09-16 (10-39-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 234895 Laufzeit: 5 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 13 C:\Users\user\Downloads\padmak switch bot v5__2971_i50081972_il1913747.exe (PUP.Optional.Amonetize) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\padmak switch bot v5__2971_i50085171_il1913747.exe (PUP.Optional.Amonetize) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\padmak switch bot v5__2971_i50085397_il1913747.exe (PUP.Optional.Amonetize) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (1).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (2).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (3).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (4).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (5).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (6).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (7).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (8).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv (9).zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\user\Downloads\movie1080p.mkv.zip (Malware.Packer.CDRC) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8f56befb07aafa4bab06a353bbee47ec
# engine=15147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-16 12:15:56
# local_time=2013-09-16 02:15:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 186608 391673 179383 0
# compatibility_mode=5893 16776574 100 94 925391 130964947 0 0
# scanned=118470
# found=5
# cleaned=0
# scan_time=10902
sh=2138ABFB667440B4C27CE645C8E82621D168E8A1 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="D:\USER-PC\Backup Set 2013-06-02 190002\Backup Files 2013-06-02 190002\Backup files 3.zip"
sh=627FA7FAFABFA78A966C3DB45776F32D928B476F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-03 033414\Backup files 1.zip"
sh=ACD8BE2751E8FAB8243B61D0092EEFD59BE2981F ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-03 033414\Backup files 5.zip"
sh=2AA083E6C973C60FF2E2A635322476EFE50BEAF8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-11 141727\Backup files 1.zip"
sh=B77E6AC92071D85D22D7CC364AD00CC877254B92 ft=0 fh=0000000000000000 vn="Win32/Kryptik.BJSY trojan" ac=I fn="D:\USER-PC\Backup Set 2013-09-03 033414\Backup Files 2013-09-11 141727\Backup files 24.zip"
Chris
__________________ NICHTS kann mich aufhalten! - mist, 'ne Kindersicherung |
|
| Themen zu Win 7, Rechner bootete nicht mehr nach Befall - u.a. weißer Bildschirm |
| adblock, amazon-icon, antivir, antivirus, avira, bildschirm, booten, computer, downloader, farbar, farbar recovery scan tool, fehlercode 1, flash player, freemium, google, hijack.searchpage, hijack.startpage, iexplore.exe, installation, msiinstaller, nicht installiert, omiga plus, plug-in, problem, programm, prozess, registry, riskware.tool.ck, software, software updater ui, svchost.exe, system, trojan.agent.gen, wajam, warnung |
WARNUNG an die MITLESER: 
Linear-Darstellung
