Log analysis and evaluation: Windows 7 64bit - Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll) found by Spybot
24.09.2013, 10:48 | #1 |
Windows 7 64bit - Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll) found by Spybot

Hello to the helpers of the Trojaner-Board,

after my browser (Firefox) kept crashing this morning, I ran a scan with Spybot. The finding is: Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll). While searching for help I came across your forum and now very much hope for help from you. I followed your instructions and hope that I have all the relevant logs together; if anything is missing, I will supply it as quickly as possible. Unfortunately, some of the log files are too large to attach and also too large to post all of them in CODE tags. I have therefore attached the large log files (Gmer.txt & Spybot.Result) in a ZIP file.

Many thanks in advance and kind regards.
Mari

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Flores at 2013-09-24 10:50:45
Running from C:\Users\Flores\Desktop\tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32) 64 Bit HP CIO Components Installer (Version: 7.2.8) 7-Zip 9.20 (x32) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Ad-Aware Antivirus (x32 Version: 10.5.3.4405) Ad-Aware Browsing Protection (x32 Version: 1.0.1.110) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02) AI Suite (x32 Version: 1.06.20) AllDup 3.4.12 (x32 Version: 3.4.12) AMD OverDrive (x32 Version: 3.2.2.0452) Apple Application Support (x32 Version: 2.3) Apple Software Update (x32 Version: 2.1.3.127) ASUSUpdate (x32 Version: 7.18.03) Audials (x32 Version: 8.0.54300.0) Audials TV (x32 Version: 1.3.10803.300) AudibleManager (x32 Version: 2001481840.48.56.6425834) avast! 
Free Antivirus (x32 Version: 7.0.1426.0) Avira Free Antivirus (x32 Version: 13.0.0.4052) Browser Configuration Utility (x32 Version: 1.0.10.0) BufferChm (x32 Version: 130.0.331.000) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32) Canon MP Navigator EX 4.0 (x32) Canon Solution Menu EX (x32) CanoScan LiDE 110 Scanner Driver CDDRV_Installer (Version: 4.60) C-Media PCI Audio Device Conduit Engine (x32 Version: ) D1300 (x32 Version: 130.0.365.000) D1300_Help (x32 Version: 82.0.233.000) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.41.3.0173) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) DeviceDiscovery (x32 Version: 130.0.465.000) Diablo III (x32 Version: 1.0.7.14633) ElsterFormular (x32 Version: 14.1.11318) ElsterFormular-Upgrade (x32 Version: 14.3.11574) EPU (x32 Version: 1.02.20) erLT (x32 Version: 1.20.0137) Express Gate (x32 Version: 1.5.17.9) Flatrate Player (x32) Free Video Flip and Rotate version 2.0.8.706 (x32 Version: 2.0.8.706) GIMP 2.6.8 GoldWave v5.58 (x32) Google Chrome (HKCU Version: 29.0.1547.76) HP Customer Participation Program 13.0 (Version: 13.0) HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. 
A (Version: 13.0) HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät (Version: 22.0.334.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Photo Creations (x32 Version: 1.0.0.3341) HP Photosmart Essential 3.5 (Version: 3.5) HP Smart Web Printing 4.51 (Version: 4.51) HP Update (x32 Version: 5.002.005.003) HPDiagnosticAlert (x32 Version: 1.00.0000) HPPhotoGadget (x32 Version: 130.0.282.000) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000) HPPhotosmartEssential (x32 Version: 2.04.0000) HPSSupply (x32 Version: 130.0.371.000) ImageMagick 6.8.5-3 Q16 (32-bit) (2013-05-01) (x32 Version: 6.8.5) ImgBurn (x32 Version: 2.5.6.0) Java 7 Update 11 (x32 Version: 7.0.110) Java Auto Updater (x32 Version: 2.1.9.0) JMicron JMB36X Driver (x32 Version: 1.00.0000) Junk Mail filter update (x32 Version: 15.4.3502.0922) KhalInstallWrapper (Version: 2.00.0000) Lexware buchhalter 2011 (x32 Version: 16.22.00.0155) Lexware Elster (x32 Version: 9.10.00.0041) Logitech SetPoint (x32 Version: 4.80) MarketResearch (x32 Version: 130.0.374.000) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 
64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2010 (x32 
Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000) Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Mobile Partner (x32 Version: 16.002.03.02.705) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Napster Download Manager (HKCU Version: 1.0.0.105) NVIDIA 3D Vision Treiber 311.06 (Version: 
311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.11.1111) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenAL (x32) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Origin (x32 Version: 9.1.10.2728) PC Probe II (x32 Version: 1.04.86) PDFCreator (x32 Version: 1.2.0) Photo Stamp Remover 5.1 (x32 Version: 5.1) QuickTime (x32 Version: 7.74.80.86) RCT3 Soaked (x32 Version: 1.00.000) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6037) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0) RewardsArcade (HKCU) RollerCoaster Tycoon 3 (x32 Version: 1.00.000) SF_CDA_ProductContext (x32 Version: 130.0.365.000) SF_CDA_Software (x32 Version: 130.0.396.000) Shop for HP Supplies (Version: 13.0) SimCity™ (x32 Version: 1.0.0.0) Skype™ 6.6 (x32 Version: 6.6.106) SmartWebPrinting (x32 Version: 130.0.457.000) Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0) Spybot - Search & Destroy (x32 Version: 1.6.2) Status (x32 Version: 130.0.469.000) Steam (x32 Version: 1.0.0.0) Studie zur Verbesserung von HP Deskjet 3000 J310 series Produkten (Version: 22.0.334.0) System Requirements Lab (x32) TeamSpeak 3 Client (x32 Version: 3.0.8) TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2) Toolbox (x32 Version: 130.0.648.000) TrayApp (x32 Version: 130.0.422.000) Trillian (x32) TurboV EVO (x32 Version: 1.02.32) UnloadSupport (x32 Version: 11.0.0) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) 
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition 
(x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Vuze (x32 Version: 4.7) Vuze Remote Toolbar (x32 Version: 6.3.3.3) WebReg (x32 Version: 130.0.132.017) Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 
15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0) World of Warcraft (x32 Version: 5.3.0.17128) ==================== Restore Points ========================= 22-09-2013 17:00:52 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-09-03 00:42 - 00437269 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1B712A91-B742-4886-A45A-CE91A8640BB6} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.) Task: {20C39E93-7527-4706-9763-567C1C1DC56B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.) 
Task: {3179F163-FE8C-49B2-B857-8216FF2DD4C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3217E8AC-BEF3-4365-9A23-4D2A22AE2031} - System32\Tasks\HPCustParticipation HP Deskjet 3000 J310 series => C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPCustPartic.exe Task: {3A981153-E95F-4DED-BE15-DF77B903BD3E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated) Task: {55B2203A-F840-46B1-BEC3-190E459EF9DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {5D076674-443F-437E-A3AE-1D7E1D122CB5} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.05\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.) Task: {740C714D-E2D2-4D17-97D8-6B025FE1E6F1} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {9275AFD1-FE64-4A91-A848-01F520537E44} - System32\Tasks\{CA5D7B44-FDA6-4C21-955E-B2FB1E3B8EFD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent Task: {96363FD6-BE88-4A6A-A1C8-8D754A5AD4C9} - System32\Tasks\{30D933E0-2F8C-4FA5-B965-113B2F0D709E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) Task: {9D6674EC-2C20-4245-9408-554E763BD0BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated) Task: {A18576BC-DE5B-4B67-92A0-2E0A782C14AD} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.) 
Task: {A658B115-7F1D-4262-8D90-E6DCFD7E7221} - System32\Tasks\Google Updater and Installer => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.) Task: {B388D6FC-6BAB-469C-91B3-A7A1BC12B3CB} - System32\Tasks\{5F4609D4-FE2F-4FEB-94FB-AB13871FBB24} => F:\Autorun.exe Task: {C1C47A0A-D86E-4B44-B7D4-3CAC6117083D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.) Task: {C4874D9D-0CDE-4EF9-8ED6-167ACF72E524} - System32\Tasks\{A21C703B-B1FE-4BE9-AFA5-24644F86F2AA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsProgressBar Task: {ED8A0E5F-530D-4929-A255-6FDED7FDD80D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core.job => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA.job => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) =============
C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 09962960 _____ (The ICU Project) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\icudt.dll 2013-04-12 22:33 - 2013-02-22 05:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2009-07-14 01:16 - 2009-07-14 03:16 - 01668608 _____ (Microsoft Corporation) C:\Windows\syswow64\setupapi.dll 2013-09-20 09:17 - 2013-09-17 03:23 - 03231688 _____ (Microsoft Corporation) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\D3DCompiler_46.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 00709584 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 00099792 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll 2013-09-20 09:17 - 2013-09-17 05:21 - 04053456 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll 2013-09-20 09:17 - 2013-09-17 05:21 - 00410576 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 02110928 _____ (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\libpeerconnection.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 01604560 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll 2013-06-13 02:28 - 2013-06-13 02:28 - 00953704 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) 
C:\Program Files (x86)\Ad-Aware Antivirus\htmlayout.dll 2009-07-14 01:25 - 2009-07-14 03:11 - 00119808 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll 2012-09-20 05:38 - 2012-09-20 05:38 - 00056712 _____ (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll 2011-02-28 09:46 - 2010-11-02 06:40 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll 2013-06-13 02:27 - 2013-06-13 02:27 - 00465248 _____ (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll 2009-07-14 01:15 - 2009-07-14 03:10 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SFC.DLL 2012-03-08 18:16 - 2012-03-08 18:16 - 00284512 _____ ( ) C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll 2013-04-12 22:33 - 2013-02-22 05:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/23/2013 10:00:29 AM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011004}" konnte nicht installiert werden. Fehlercode 1625. 
Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/16/2013 10:01:44 AM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011004}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/04/2013 07:59:52 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25025. Fehler 3: Fehler beim Kopieren der Port-Überwachungsdateien. Error: (09/04/2013 07:58:59 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25025. Fehler 3: Fehler beim Kopieren der Port-Überwachungsdateien. Error: (09/04/2013 07:58:55 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25026. Fehler 1722: Fehler beim Hinzufügen der Port-Überwachung HP Discovery Port Monitor (HP Deskjet 3000 J310 series). Error: (09/04/2013 07:55:26 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25024. Error -2081883393: Failed to uninstall CN0C625K9N05HZ device. Error: (09/04/2013 07:55:18 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25024. 
Error -2081883393: Failed to uninstall CN0C625K9N05HZ device. Error: (09/04/2013 07:54:46 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25024. Error -2081883393: Failed to uninstall CN0C625K9N05HZ device. Error: (09/04/2013 07:41:01 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Produkt: HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät -- Fehler 25024. Error -2081883393: Failed to uninstall CN0C625K9N05HZ device. Error: (09/02/2013 11:38:56 AM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Product: HPPhotosmartEssential -- Error 1706. An installation package for the product HPPhotosmartEssential cannot be found. Try the installation again using a valid copy of the installation package 'HPPhotosmartEssential.msi'. System errors: ============= Error: (09/24/2013 10:04:48 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (09/24/2013 08:40:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2013 08:40:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuchanbieter-Host" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 08:40:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows 
Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Microsoft Office Sessions: ========================= Error: (11/02/2011 10:56:02 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 111 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 12286.18 MB Available physical RAM: 9235.46 MB Total Pagefile: 24570.5 MB Available Pagefile: 20945.35 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:105.11 GB) (Free:11.66 GB) NTFS Drive d: () (Fixed) (Total:149 GB) (Free:37.02 GB) NTFS Drive f: (COSMOPOLITAN) (CDROM) (Total:4.19 GB) (Free:0 GB) UDF Drive g: (Volume) (Fixed) (Total:781.25 GB) (Free:658.12 GB) NTFS Drive h: (Volume) (Fixed) (Total:488.28 GB) (Free:350.87 GB) NTFS Drive i: (Volume) (Fixed) (Total:488.28 GB) (Free:228.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C9A48BB1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=105 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=781 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=977 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 149 GB) (Disk ID: AFCBAFCB) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 149 GB) (Disk ID: 0009EA20) Partition 1: (Not Active) - (Size=93 MB) - (Type=83) Partition 2: (Not Active) - (Size=977 MB) - (Type=82) 
Partition 3: (Not Active) - (Size=55 GB) - (Type=83)
Partition 4: (Not Active) - (Size=93 GB) - (Type=83)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Flores (administrator) on WINDOWSPC on 24-09-2013 10:50:04
Running from C:\Users\Flores\Desktop\tools
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) G:\mausscheisse\SetPoint\SetPoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
( ASUSTeK Computer Inc.)
C:\Program Files (x86)\ASUS\EPU\EPU.exe (DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () G:\mausscheisse\SetPoint\x86\SetPoint32.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Visicom Media Inc.) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\ffHelper.exe (Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe (Google Inc.) 
C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Google Update] - C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-28] (Google Inc.) HKCU\...\Runonce: [adawarebp] - reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f HKCU\...\Runonce: [adawarebp_XP] - reg.exe delete "HKCU\Software\adawarebp" /f MountPoints2: {38b68dbb-5a20-11e0-be8a-20cf30bf92b8} - G:\AutoRun.exe MountPoints2: {38b68dcb-5a20-11e0-be8a-20cf30bf92b8} - G:\AutoRun.exe MountPoints2: {38b68dd7-5a20-11e0-be8a-20cf30bf92b8} - K:\AutoRun.exe MountPoints2: {410efac2-5b65-11e0-9a71-001e101f859f} - G:\AutoRun.exe MountPoints2: {a0eb7129-e7b5-11e0-89c1-20cf30bf92b8} - J:\INSTALL.EXE MountPoints2: {b0b35a42-42c1-11e0-8da2-806e6f6e6963} - F:\.\Bin\ASSETUP.exe HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] ( ASUSTeK Computer Inc.) HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.) 
HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512 2012-03-07] (AVAST Software) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] - G:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft) HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBDBC55C997D6CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.) 
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {6EB971CA-7AD8-4912-A40A-C1024A2CC0A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: RewardsArcade - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File Toolbar: HKLM - Community Smart Bar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - avast! 
WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Community Smart Bar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype 
Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6278C29C-68B5-4D63-87E1-9ACD421D1145}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{C4239820-7EAD-455C-9D27-20A1B40F53E3}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{C58C5C8D-1B8E-4548-8705-F5043E83C0AA}: [NameServer]193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Vuze Remote Community Toolbar - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF Extension: No Name - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [crossriderapp498@crossrider.com] - C:\Users\Flores\AppData\Local\RewardsArcade\498\Firefox FF Extension: No Name - C:\Users\Flores\AppData\Local\RewardsArcade\498\Firefox FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___ CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___" CHR DefaultSearchURL: (SecureSearch) - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} CHR DefaultSuggestURL: (SecureSearch) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Extension: (Google Docs) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Google Search) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (RewardsArcade) - 
C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.23.177_0 CHR Extension: (avast! WebRep) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Lavasoft NewTab) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0 CHR Extension: (Gmail) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Flores\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Flores\AppData\Local\Temp\tbch.crx ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-07] (AVAST Software) R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [x] S3 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [x] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [69976 2012-03-07] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-07] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-07] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-07] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-07] (AVAST Software) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-03-04] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. 
KG) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-25] (DT Soft Ltd) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.) S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-24] (GFI Software) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2012-03-04] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-24 10:49 - 2013-09-24 10:49 - 00000000 ____D C:\FRST 2013-09-24 10:42 - 2013-09-24 10:49 - 00000000 ____D C:\Users\Flores\Desktop\tools 2013-09-24 10:42 - 2013-09-24 10:42 - 00000000 _____ C:\Users\Flores\defogger_reenable 2013-09-24 09:59 - 2013-09-24 09:59 - 00004326 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\Users\Flores\AppData\Roaming\LavasoftStatistics 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-09-24 09:47 - 2013-09-24 09:59 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-09-24 09:47 - 2013-09-24 09:59 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-09-24 09:47 - 2013-09-24 09:47 - 00000000 ____D C:\ProgramData\Lavasoft 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Users\Flores\AppData\Local\adawarebp 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Search Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\blekko toolbars 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Ad-Aware 
Browsing Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-09-24 09:44 - 2013-09-24 09:59 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Ad-Aware Antivirus 2013-09-24 09:44 - 2013-09-24 09:44 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-09-24 09:44 - 2013-09-24 09:44 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-09-24 09:43 - 2013-09-24 09:43 - 05616264 _____ (Lavasoft Limited) C:\Users\Flores\Desktop\Adaware_Installer.exe 2013-09-24 08:45 - 2013-09-24 08:45 - 00000000 ____D C:\Users\Flores\AppData\Local\{41EDFF1A-628A-4CFF-8B4D-35782DFAF8B8} 2013-09-23 21:29 - 2013-09-23 21:29 - 00000053 _____ C:\Users\Flores\Desktop\google81f6ebbb071c6405.html 2013-09-23 19:18 - 2013-09-23 19:18 - 00537652 _____ C:\Users\Flores\.recently-used.xbel 2013-09-23 11:49 - 2013-09-23 11:49 - 00000000 ____D C:\Users\Flores\AppData\Local\{DCC5FAF3-4223-4942-BCAF-B433B851A546} 2013-09-22 23:48 - 2013-09-22 23:48 - 01799927 _____ C:\Users\Flores\Desktop\vanessa.zip 2013-09-22 23:48 - 2013-09-22 23:48 - 00000000 ____D C:\Users\Flores\AppData\Local\{365E8A29-AB8A-459F-AF9B-2B70ADF9FE0E} 2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Users\Flores\AppData\Local\{60FBB7B6-2057-48CC-A087-27B4B0128597} 2013-09-22 10:06 - 2013-09-22 10:06 - 00291296 _____ C:\Windows\Minidump\092213-69420-01.dmp 2013-09-21 21:38 - 2013-09-21 21:38 - 00000000 ____D C:\Users\Flores\AppData\Local\{1234C4B2-3779-4019-B40E-60583EEDD8B4} 2013-09-21 15:27 - 2013-09-21 15:27 - 98547399 _____ C:\Windows\SysWOW64\醔쟫브“ 2013-09-21 09:37 - 2013-09-21 09:38 - 00000000 ____D C:\Users\Flores\AppData\Local\{62A9BEEB-ADCD-4A2E-A7AA-1169E2605636} 2013-09-20 20:45 - 2013-09-20 20:45 - 00000000 ____D C:\Users\Flores\AppData\Local\{8255E3CB-41FA-4BE4-B101-EAB7720D6C91} 2013-09-20 08:19 - 2013-09-20 08:19 - 00000000 ____D 
C:\Users\Flores\AppData\Local\{822B417C-DE28-4484-A9B4-F0C8B0A108C3} 2013-09-19 11:10 - 2013-09-19 11:10 - 00000000 ____D C:\Users\Flores\AppData\Local\{14321BD9-C624-41B0-98EE-AB4A2D25AE44} 2013-09-18 22:20 - 2013-09-18 22:20 - 00000000 ____D C:\Users\Flores\AppData\Local\{314A1262-7F99-48CB-B81D-7C9573A055F3} 2013-09-18 10:19 - 2013-09-18 10:19 - 00000000 ____D C:\Users\Flores\AppData\Local\{507108AA-82EF-4EA7-8684-947155DE7689} 2013-09-17 22:18 - 2013-09-17 22:19 - 00000000 ____D C:\Users\Flores\AppData\Local\{5FE8550E-14C6-4EBE-BF02-F723AE64BD75} 2013-09-17 09:58 - 2013-09-17 09:58 - 00000000 ____D C:\Users\Flores\AppData\Local\{C9AE66BD-0F25-4320-95D7-3EE5D30D5CB1} 2013-09-16 21:57 - 2013-09-16 21:58 - 00000000 ____D C:\Users\Flores\AppData\Local\{8CF31A30-D1C5-49A8-9333-7F4DF75368C2} 2013-09-16 09:57 - 2013-09-16 09:57 - 00000000 ____D C:\Users\Flores\AppData\Local\{C9834061-DED0-47C7-BB71-84F4630CA926} 2013-09-15 10:24 - 2013-09-15 10:24 - 00000000 ____D C:\Users\Flores\AppData\Local\{C75A71B6-70DC-4088-A914-55D3C4A27FBF} 2013-09-14 22:23 - 2013-09-14 22:24 - 00000000 ____D C:\Users\Flores\AppData\Local\{0FF02114-5437-42C6-A831-60A4BAEFC6D7} 2013-09-14 10:23 - 2013-09-14 10:23 - 00000000 ____D C:\Users\Flores\AppData\Local\{F54EA2C2-1F3F-488A-8241-AAF129EF1D4A} 2013-09-13 22:13 - 2013-09-13 22:13 - 00000000 ____D C:\Users\Flores\AppData\Local\{A8E42B02-5A57-45C5-B62D-1A76242BDC47} 2013-09-13 10:12 - 2013-09-13 10:12 - 00000000 ____D C:\Users\Flores\AppData\Local\{F2D0A4F4-A560-4A6C-8046-B04974616ADC} 2013-09-12 22:03 - 2013-09-12 22:03 - 00000000 ____D C:\Users\Flores\AppData\Local\{6EFF57A7-66B3-44F7-A607-672FAB4B7D5D} 2013-09-12 10:03 - 2013-09-12 10:03 - 00000000 ____D C:\Users\Flores\AppData\Local\{5EF41BB7-0AB8-424B-AF58-B8C52D68FE83} 2013-09-11 22:02 - 2013-09-11 22:02 - 00000000 ____D C:\Users\Flores\AppData\Local\{48ED88E1-85F3-4A3B-9595-FB4D61B32F0B} 2013-09-11 10:02 - 2013-09-11 10:02 - 00000000 ____D 
C:\Users\Flores\AppData\Local\{D0A70605-DFA8-4336-8C7E-5088DD5A5C49} 2013-09-10 22:01 - 2013-09-10 22:01 - 00000000 ____D C:\Users\Flores\AppData\Local\{C50227C3-42CA-4FAD-8AAD-219CAAC6FA0D} 2013-09-10 10:00 - 2013-09-10 10:01 - 00000000 ____D C:\Users\Flores\AppData\Local\{831420DA-15D0-4A1D-B0B4-D6999E8730D1} 2013-09-09 22:23 - 2013-09-09 22:23 - 00010514 _____ C:\Users\Flores\Desktop\want you back.ods 2013-09-09 22:00 - 2013-09-09 22:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{C491EF05-8228-488D-84B2-DE4E1FE75616} 2013-09-09 09:59 - 2013-09-09 10:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{EBE863DB-177E-4CFA-9CA8-E632116038BD} 2013-09-08 21:39 - 2013-09-08 21:39 - 00000000 ____D C:\Users\Flores\AppData\Local\{697CFFD1-6FF5-469A-A07C-6426E3BA3307} 2013-09-08 09:38 - 2013-09-08 09:38 - 00000000 ____D C:\Users\Flores\AppData\Local\{1D9D232B-326E-4FE4-B438-8A7C3A9A7E0F} 2013-09-07 09:22 - 2013-09-07 09:22 - 00000000 ____D C:\Users\Flores\AppData\Local\{F4D020DD-6FC4-4D8D-8C18-99C6D152F9AE} 2013-09-06 11:51 - 2013-09-06 11:51 - 00000000 ____D C:\Users\Flores\AppData\Local\{1F94DFEA-DC8E-4048-9DAB-2CFFB358E610} 2013-09-05 23:50 - 2013-09-05 23:51 - 00000000 ____D C:\Users\Flores\AppData\Local\{ECBAD234-9262-46E8-ACD8-DB75F6EAA9AD} 2013-09-05 13:22 - 2013-07-08 02:15 - 00000000 ____D C:\Users\Flores\Desktop\015_Evelin 2013-09-05 11:36 - 2013-09-05 11:58 - 177107930 _____ C:\Users\Flores\Desktop\015_Evelin.zip 2013-09-05 11:11 - 2013-09-05 11:25 - 00000000 ____D C:\Users\Flores\Desktop\Fetisch 2013-09-05 10:17 - 2013-09-05 10:17 - 00000000 ____D C:\Users\Flores\AppData\Local\{5BD4D89B-27D6-4042-85E5-A78407F9AB48} 2013-09-04 23:39 - 2013-09-04 23:41 - 00000000 ____D C:\Windows\system32\MRT 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-09-04 21:29 - 2013-09-04 21:29 - 00000000 ____D 
C:\Users\Flores\AppData\Local\{2A10A133-9F89-46D3-B822-BD98313EA9F3} 2013-09-04 19:54 - 2013-09-04 19:54 - 00000057 _____ C:\ProgramData\Ament.ini 2013-09-04 09:28 - 2013-09-04 09:28 - 00000000 ____D C:\Users\Flores\AppData\Local\{3C6829A1-E467-4E28-B63D-4BE18C6A5DDE} 2013-09-03 19:36 - 2013-09-03 21:05 - 00019626 _____ C:\Users\Flores\Desktop\mail to do sept.ods 2013-09-03 11:00 - 2013-09-03 11:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{0313E221-8193-42CF-A92B-386E7F772DDD} 2013-09-02 22:59 - 2013-09-02 23:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{4E916835-1E75-4496-BE23-64EBF84DEF6B} 2013-09-02 16:44 - 2013-09-17 11:30 - 00017713 _____ C:\Users\Flores\Desktop\abrechnung august.ods 2013-09-02 10:59 - 2013-09-02 10:59 - 00000000 ____D C:\Users\Flores\AppData\Local\{32675FDE-818F-4DA3-B686-2C7D92DE1186} 2013-09-01 22:58 - 2013-09-01 22:58 - 00000000 ____D C:\Users\Flores\AppData\Local\{190653B4-8602-4888-A653-65D16542F87B} 2013-09-01 09:40 - 2013-09-01 09:41 - 00000000 ____D C:\Users\Flores\AppData\Local\{73C60BE1-9F8A-4A35-B287-F9AD18FF5EAC} 2013-08-31 12:12 - 2013-08-31 12:13 - 00000000 ____D C:\Users\Flores\AppData\Local\{8F24E12C-4EAB-492B-9B6E-BA029437DE45} 2013-08-31 00:12 - 2013-08-31 00:12 - 00000000 ____D C:\Users\Flores\AppData\Local\{A6C33172-B4E0-420A-AC62-552E8C908583} 2013-08-30 12:11 - 2013-08-30 12:12 - 00000000 ____D C:\Users\Flores\AppData\Local\{352B5599-3398-4F47-8BD5-00DC0ED76B1D} 2013-08-30 00:11 - 2013-08-30 00:11 - 00000000 ____D C:\Users\Flores\AppData\Local\{891C61BF-B667-4D00-AF3F-ED8C6FEA21A5} 2013-08-29 09:31 - 2013-08-29 09:31 - 00000000 ____D C:\Users\Flores\AppData\Local\{2C116E6A-66A7-470A-903F-64A83177840D} 2013-08-28 21:30 - 2013-08-28 21:31 - 00000000 ____D C:\Users\Flores\AppData\Local\{2FB19EB4-295F-42D6-AFCC-D384679D8DC0} 2013-08-28 09:30 - 2013-08-28 09:30 - 00000000 ____D C:\Users\Flores\AppData\Local\{71D04791-BA1D-47CD-BBE3-330245BB823E} 2013-08-27 21:06 - 2013-08-27 21:07 - 00000000 ____D 
C:\Users\Flores\AppData\Local\{D443EB66-B158-4299-886C-C02580508B64} 2013-08-27 09:06 - 2013-08-27 09:06 - 00000000 ____D C:\Users\Flores\AppData\Local\{DB649F53-A2F2-425D-BC86-ECE70CB399F1} 2013-08-26 21:05 - 2013-08-26 21:06 - 00000000 ____D C:\Users\Flores\AppData\Local\{66EBDA82-E1EF-44C9-9CAC-69A14D1C5E9C} 2013-08-26 09:05 - 2013-08-26 09:05 - 00000000 ____D C:\Users\Flores\AppData\Local\{E122A664-4B30-403C-9FA4-C059560D88A2} 2013-08-25 09:57 - 2013-08-25 11:59 - 00018561 _____ C:\Users\Flores\Desktop\mail to do sinti.ods 2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\Users\Flores\AppData\Local\{7FC7C1FD-8061-4680-9DFA-5F489EB27DB3} ==================== One Month Modified Files and Folders ======= 2013-09-24 10:49 - 2013-09-24 10:49 - 00000000 ____D C:\FRST 2013-09-24 10:49 - 2013-09-24 10:42 - 00000000 ____D C:\Users\Flores\Desktop\tools 2013-09-24 10:49 - 2011-03-04 19:29 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Skype 2013-09-24 10:42 - 2013-09-24 10:42 - 00000000 _____ C:\Users\Flores\defogger_reenable 2013-09-24 10:42 - 2011-02-27 17:41 - 00000000 ____D C:\Users\Flores 2013-09-24 10:35 - 2011-02-27 18:09 - 00000177 ____H C:\dvmexp.idx 2013-09-24 10:33 - 2012-07-25 18:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-24 10:33 - 2011-02-27 20:43 - 00000000 ____D C:\Users\Flores\.gimp-2.6 2013-09-24 10:15 - 2013-03-28 14:26 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA.job 2013-09-24 09:59 - 2013-09-24 09:59 - 00004326 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\Users\Flores\AppData\Roaming\LavasoftStatistics 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-09-24 09:59 - 2013-09-24 09:47 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-09-24 09:59 - 2013-09-24 09:47 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 
2013-09-24 09:59 - 2013-09-24 09:44 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Ad-Aware Antivirus 2013-09-24 09:47 - 2013-09-24 09:47 - 00000000 ____D C:\ProgramData\Lavasoft 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Users\Flores\AppData\Local\adawarebp 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Search Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\blekko toolbars 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-09-24 09:44 - 2013-09-24 09:44 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-09-24 09:44 - 2013-09-24 09:44 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-09-24 09:43 - 2013-09-24 09:43 - 05616264 _____ (Lavasoft Limited) C:\Users\Flores\Desktop\Adaware_Installer.exe 2013-09-24 08:45 - 2013-09-24 08:45 - 00000000 ____D C:\Users\Flores\AppData\Local\{41EDFF1A-628A-4CFF-8B4D-35782DFAF8B8} 2013-09-24 08:40 - 2011-02-28 00:37 - 01551684 _____ C:\Windows\WindowsUpdate.log 2013-09-24 08:40 - 2009-07-14 06:51 - 00797024 _____ C:\Windows\setupact.log 2013-09-24 08:32 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-24 08:32 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-24 08:24 - 2011-02-27 17:51 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-24 08:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-23 21:31 - 2013-07-16 16:23 - 00000000 ____D C:\Users\Flores\Desktop\zzz 2013-09-23 21:29 - 2013-09-23 21:29 - 00000053 
_____ C:\Users\Flores\Desktop\google81f6ebbb071c6405.html 2013-09-23 19:18 - 2013-09-23 19:18 - 00537652 _____ C:\Users\Flores\.recently-used.xbel 2013-09-23 19:18 - 2011-02-27 20:45 - 00000000 ____D C:\Users\Flores\AppData\Roaming\gtk-2.0 2013-09-23 19:15 - 2013-03-28 14:26 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core.job 2013-09-23 11:49 - 2013-09-23 11:49 - 00000000 ____D C:\Users\Flores\AppData\Local\{DCC5FAF3-4223-4942-BCAF-B433B851A546} 2013-09-22 23:48 - 2013-09-22 23:48 - 01799927 _____ C:\Users\Flores\Desktop\vanessa.zip 2013-09-22 23:48 - 2013-09-22 23:48 - 00000000 ____D C:\Users\Flores\AppData\Local\{365E8A29-AB8A-459F-AF9B-2B70ADF9FE0E} 2013-09-22 10:42 - 2013-09-22 10:42 - 00000000 ____D C:\Users\Flores\AppData\Local\{60FBB7B6-2057-48CC-A087-27B4B0128597} 2013-09-22 10:06 - 2013-09-22 10:06 - 00291296 _____ C:\Windows\Minidump\092213-69420-01.dmp 2013-09-22 10:06 - 2011-03-30 19:04 - 00000000 ____D C:\Windows\Minidump 2013-09-21 21:38 - 2013-09-21 21:38 - 00000000 ____D C:\Users\Flores\AppData\Local\{1234C4B2-3779-4019-B40E-60583EEDD8B4} 2013-09-21 15:33 - 2012-07-25 18:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-21 15:33 - 2012-07-25 18:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-21 15:33 - 2011-05-17 09:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-21 15:27 - 2013-09-21 15:27 - 98547399 _____ C:\Windows\SysWOW64\醔쟫브“ 2013-09-21 09:38 - 2013-09-21 09:37 - 00000000 ____D C:\Users\Flores\AppData\Local\{62A9BEEB-ADCD-4A2E-A7AA-1169E2605636} 2013-09-20 20:45 - 2013-09-20 20:45 - 00000000 ____D C:\Users\Flores\AppData\Local\{8255E3CB-41FA-4BE4-B101-EAB7720D6C91} 2013-09-20 08:19 - 2013-09-20 08:19 - 00000000 ____D C:\Users\Flores\AppData\Local\{822B417C-DE28-4484-A9B4-F0C8B0A108C3} 2013-09-19 11:10 - 2013-09-19 11:10 - 00000000 ____D 
C:\Users\Flores\AppData\Local\{14321BD9-C624-41B0-98EE-AB4A2D25AE44} 2013-09-18 22:20 - 2013-09-18 22:20 - 00000000 ____D C:\Users\Flores\AppData\Local\{314A1262-7F99-48CB-B81D-7C9573A055F3} 2013-09-18 10:19 - 2013-09-18 10:19 - 00000000 ____D C:\Users\Flores\AppData\Local\{507108AA-82EF-4EA7-8684-947155DE7689} 2013-09-17 22:19 - 2013-09-17 22:18 - 00000000 ____D C:\Users\Flores\AppData\Local\{5FE8550E-14C6-4EBE-BF02-F723AE64BD75} 2013-09-17 11:30 - 2013-09-02 16:44 - 00017713 _____ C:\Users\Flores\Desktop\abrechnung august.ods 2013-09-17 09:58 - 2013-09-17 09:58 - 00000000 ____D C:\Users\Flores\AppData\Local\{C9AE66BD-0F25-4320-95D7-3EE5D30D5CB1} 2013-09-16 21:58 - 2013-09-16 21:57 - 00000000 ____D C:\Users\Flores\AppData\Local\{8CF31A30-D1C5-49A8-9333-7F4DF75368C2} 2013-09-16 09:57 - 2013-09-16 09:57 - 00000000 ____D C:\Users\Flores\AppData\Local\{C9834061-DED0-47C7-BB71-84F4630CA926} 2013-09-15 19:56 - 2012-10-04 22:29 - 00000000 ____D C:\Users\Flores\Desktop\abrechnungen 2013-09-15 10:24 - 2013-09-15 10:24 - 00000000 ____D C:\Users\Flores\AppData\Local\{C75A71B6-70DC-4088-A914-55D3C4A27FBF} 2013-09-14 22:24 - 2013-09-14 22:23 - 00000000 ____D C:\Users\Flores\AppData\Local\{0FF02114-5437-42C6-A831-60A4BAEFC6D7} 2013-09-14 10:23 - 2013-09-14 10:23 - 00000000 ____D C:\Users\Flores\AppData\Local\{F54EA2C2-1F3F-488A-8241-AAF129EF1D4A} 2013-09-13 22:13 - 2013-09-13 22:13 - 00000000 ____D C:\Users\Flores\AppData\Local\{A8E42B02-5A57-45C5-B62D-1A76242BDC47} 2013-09-13 10:12 - 2013-09-13 10:12 - 00000000 ____D C:\Users\Flores\AppData\Local\{F2D0A4F4-A560-4A6C-8046-B04974616ADC} 2013-09-12 22:03 - 2013-09-12 22:03 - 00000000 ____D C:\Users\Flores\AppData\Local\{6EFF57A7-66B3-44F7-A607-672FAB4B7D5D} 2013-09-12 10:03 - 2013-09-12 10:03 - 00000000 ____D C:\Users\Flores\AppData\Local\{5EF41BB7-0AB8-424B-AF58-B8C52D68FE83} 2013-09-11 22:02 - 2013-09-11 22:02 - 00000000 ____D C:\Users\Flores\AppData\Local\{48ED88E1-85F3-4A3B-9595-FB4D61B32F0B} 2013-09-11 10:02 - 2013-09-11 
10:02 - 00000000 ____D C:\Users\Flores\AppData\Local\{D0A70605-DFA8-4336-8C7E-5088DD5A5C49} 2013-09-10 22:01 - 2013-09-10 22:01 - 00000000 ____D C:\Users\Flores\AppData\Local\{C50227C3-42CA-4FAD-8AAD-219CAAC6FA0D} 2013-09-10 10:01 - 2013-09-10 10:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{831420DA-15D0-4A1D-B0B4-D6999E8730D1} 2013-09-09 22:23 - 2013-09-09 22:23 - 00010514 _____ C:\Users\Flores\Desktop\want you back.ods 2013-09-09 22:00 - 2013-09-09 22:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{C491EF05-8228-488D-84B2-DE4E1FE75616} 2013-09-09 10:00 - 2013-09-09 09:59 - 00000000 ____D C:\Users\Flores\AppData\Local\{EBE863DB-177E-4CFA-9CA8-E632116038BD} 2013-09-08 21:39 - 2013-09-08 21:39 - 00000000 ____D C:\Users\Flores\AppData\Local\{697CFFD1-6FF5-469A-A07C-6426E3BA3307} 2013-09-08 15:04 - 2011-02-28 00:21 - 00000000 ____D C:\Users\Flores\Desktop\chatarbeit 2013-09-08 09:38 - 2013-09-08 09:38 - 00000000 ____D C:\Users\Flores\AppData\Local\{1D9D232B-326E-4FE4-B438-8A7C3A9A7E0F} 2013-09-07 09:22 - 2013-09-07 09:22 - 00000000 ____D C:\Users\Flores\AppData\Local\{F4D020DD-6FC4-4D8D-8C18-99C6D152F9AE} 2013-09-06 11:51 - 2013-09-06 11:51 - 00000000 ____D C:\Users\Flores\AppData\Local\{1F94DFEA-DC8E-4048-9DAB-2CFFB358E610} 2013-09-05 23:51 - 2013-09-05 23:50 - 00000000 ____D C:\Users\Flores\AppData\Local\{ECBAD234-9262-46E8-ACD8-DB75F6EAA9AD} 2013-09-05 11:58 - 2013-09-05 11:36 - 177107930 _____ C:\Users\Flores\Desktop\015_Evelin.zip 2013-09-05 11:25 - 2013-09-05 11:11 - 00000000 ____D C:\Users\Flores\Desktop\Fetisch 2013-09-05 10:17 - 2013-09-05 10:17 - 00000000 ____D C:\Users\Flores\AppData\Local\{5BD4D89B-27D6-4042-85E5-A78407F9AB48} 2013-09-05 10:04 - 2011-02-27 21:17 - 06577148 _____ C:\Windows\PFRO.log 2013-09-04 23:41 - 2013-09-04 23:39 - 00000000 ____D C:\Windows\system32\MRT 2013-09-04 23:41 - 2011-02-27 20:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-04 23:39 - 2011-03-20 22:49 - 78161360 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-09-04 21:29 - 2013-09-04 21:29 - 00000000 ____D C:\Users\Flores\AppData\Local\{2A10A133-9F89-46D3-B822-BD98313EA9F3} 2013-09-04 19:58 - 2011-02-27 20:07 - 00000000 ____D C:\ProgramData\HP 2013-09-04 19:54 - 2013-09-04 19:54 - 00000057 _____ C:\ProgramData\Ament.ini 2013-09-04 15:18 - 2013-05-07 14:44 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-04 15:18 - 2013-03-29 00:24 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 15:18 - 2013-03-29 00:24 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-04 09:28 - 2013-09-04 09:28 - 00000000 ____D C:\Users\Flores\AppData\Local\{3C6829A1-E467-4E28-B63D-4BE18C6A5DDE} 2013-09-03 21:05 - 2013-09-03 19:36 - 00019626 _____ C:\Users\Flores\Desktop\mail to do sept.ods 2013-09-03 11:00 - 2013-09-03 11:00 - 00000000 ____D C:\Users\Flores\AppData\Local\{0313E221-8193-42CF-A92B-386E7F772DDD} 2013-09-02 23:00 - 2013-09-02 22:59 - 00000000 ____D C:\Users\Flores\AppData\Local\{4E916835-1E75-4496-BE23-64EBF84DEF6B} 2013-09-02 11:36 - 2012-02-23 18:45 - 00000000 ____D C:\Users\Flores\AppData\Roaming\HpUpdate 2013-09-02 10:59 - 2013-09-02 10:59 - 00000000 ____D C:\Users\Flores\AppData\Local\{32675FDE-818F-4DA3-B686-2C7D92DE1186} 2013-09-01 22:58 - 2013-09-01 22:58 - 00000000 ____D C:\Users\Flores\AppData\Local\{190653B4-8602-4888-A653-65D16542F87B} 2013-09-01 09:41 - 2013-09-01 09:40 - 00000000 ____D C:\Users\Flores\AppData\Local\{73C60BE1-9F8A-4A35-B287-F9AD18FF5EAC} 2013-08-31 12:13 - 2013-08-31 12:12 - 00000000 ____D C:\Users\Flores\AppData\Local\{8F24E12C-4EAB-492B-9B6E-BA029437DE45} 2013-08-31 00:12 - 2013-08-31 00:12 - 00000000 ____D 
C:\Users\Flores\AppData\Local\{A6C33172-B4E0-420A-AC62-552E8C908583} 2013-08-30 12:12 - 2013-08-30 12:11 - 00000000 ____D C:\Users\Flores\AppData\Local\{352B5599-3398-4F47-8BD5-00DC0ED76B1D} 2013-08-30 00:15 - 2011-08-14 21:17 - 00000000 ____D C:\Users\Flores\Desktop\fotosprivat 2013-08-30 00:11 - 2013-08-30 00:11 - 00000000 ____D C:\Users\Flores\AppData\Local\{891C61BF-B667-4D00-AF3F-ED8C6FEA21A5} 2013-08-29 09:31 - 2013-08-29 09:31 - 00000000 ____D C:\Users\Flores\AppData\Local\{2C116E6A-66A7-470A-903F-64A83177840D} 2013-08-28 21:31 - 2013-08-28 21:30 - 00000000 ____D C:\Users\Flores\AppData\Local\{2FB19EB4-295F-42D6-AFCC-D384679D8DC0} 2013-08-28 09:30 - 2013-08-28 09:30 - 00000000 ____D C:\Users\Flores\AppData\Local\{71D04791-BA1D-47CD-BBE3-330245BB823E} 2013-08-27 21:07 - 2013-08-27 21:06 - 00000000 ____D C:\Users\Flores\AppData\Local\{D443EB66-B158-4299-886C-C02580508B64} 2013-08-27 09:06 - 2013-08-27 09:06 - 00000000 ____D C:\Users\Flores\AppData\Local\{DB649F53-A2F2-425D-BC86-ECE70CB399F1} 2013-08-26 21:06 - 2013-08-26 21:05 - 00000000 ____D C:\Users\Flores\AppData\Local\{66EBDA82-E1EF-44C9-9CAC-69A14D1C5E9C} 2013-08-26 09:05 - 2013-08-26 09:05 - 00000000 ____D C:\Users\Flores\AppData\Local\{E122A664-4B30-403C-9FA4-C059560D88A2} 2013-08-25 11:59 - 2013-08-25 09:57 - 00018561 _____ C:\Users\Flores\Desktop\mail to do sinti.ods 2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\Users\Flores\AppData\Local\{7FC7C1FD-8061-4680-9DFA-5F489EB27DB3} Files to move or delete: ==================== C:\ProgramData\0tbpw.pad Some content of TEMP: ==================== C:\Users\Flores\AppData\Local\Temp\724f194c-de08-40e2-a117-7ed33aa47352.exe C:\Users\Flores\AppData\Local\Temp\7cba4d50-919d-4164-a0cf-25af4d2b6993.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-21 11:31
==================== End Of Log ============================
--- --- ---
--- --- ---
defoger_disable.log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:42 on 24/09/2013 (Flores)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Edited by mmmari (24.09.2013 at 10:55) Reason: Inserting the CODE tags |
24.09.2013, 10:59 | #2 |
/// Malwareteam | Windows 7 64bit - Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll) found by Spybot
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator".
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please close your security software to avoid possible conflicts.
Step 3 Please post a new FRST log file and please use the CODE tags for all log files. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
24.09.2013, 11:44 | #3 |
| Windows 7 64bit - Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll) found by Spybot Hello Aneri,
first of all, thank you very much for your quick help. I followed your instructions, and here are the corresponding logs (the JRT log has too many characters to post in a CODE tag; should I attach it?): Code:
ATTFilter # AdwCleaner v3.005 - Bericht erstellt am 24/09/2013 um 12:09:17 # Updated 22/09/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzername : Flores - WINDOWSPC # Gestartet von : C:\Users\Flores\Desktop\tools\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : BCUService Dienst Gelöscht : DvmMDES ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\blekko toolbars Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\Search Protection Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine Ordner Gelöscht : C:\Program Files (x86)\DeviceVM Ordner Gelöscht : C:\Program Files (x86)\file scout Ordner Gelöscht : C:\Program Files (x86)\RewardsArcade Ordner Gelöscht : C:\Program Files (x86)\Vuze_Remote Ordner Gelöscht : C:\Users\Flores\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Flores\AppData\Local\RewardsArcade Ordner Gelöscht : C:\Users\Flores\AppData\Local\Temp\CT2504091 Ordner Gelöscht : C:\Users\Flores\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\Flores\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Flores\AppData\LocalLow\ConduitEngine Ordner Gelöscht : C:\Users\Flores\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Flores\AppData\LocalLow\Vuze_Remote Ordner Gelöscht : C:\Users\Flores\AppData\Roaming\file scout Ordner Gelöscht : C:\Users\Flores\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Flores\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\adawaretb Ordner Gelöscht : C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\ConduitCommon Ordner Gelöscht : C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\CT2504091 Ordner Gelöscht : 
C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} Datei Gelöscht : C:\Windows\System32\roboot64.exe ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU] Wert Gelöscht : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp498@crossrider.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fish-tycoon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fish-tycoon_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_internet-explorer-7_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_internet-explorer-7_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tunebite_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tunebite_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{597A9974-8CB0-4F41-B61F-ED065738A397} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{380C3A68-D152-46EF-AD18-AECDF9AE1D76} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{380C3A68-D152-46EF-AD18-AECDF9AE1D76} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{982A0059-3086-4845-8F83-C43A5727970B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C05C6A2-0039-4306-B7F0-4554A3901F70} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD99D3A7-C38F-4FFA-A768-54BDD2FAFC86} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\Conduit 
Schlüssel Gelöscht : HKCU\Software\DeviceVM Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vuze_Remote Schlüssel Gelöscht : HKLM\Software\adawaretb Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\conduitEngine Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\Vuze_Remote Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\prefs.js ] Zeile gelöscht : user_pref("CT2504091..clientLogIsEnabled", true); Zeile gelöscht : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Zeile gelöscht : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Zeile gelöscht : user_pref("CT2504091.AboutPrivacyUrl", 
"hxxp://www.conduit.com/privacy/Default.aspx"); Zeile gelöscht : user_pref("CT2504091.CurrentServerDate", "26-9-2011"); Zeile gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2504091.DialogsGetterLastCheckTime", "Mon Sep 26 2011 20:21:20 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 10); Zeile gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40); Zeile gelöscht : user_pref("CT2504091.FirstServerDate", "15-7-2011"); Zeile gelöscht : user_pref("CT2504091.FirstTime", true); Zeile gelöscht : user_pref("CT2504091.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Zeile gelöscht : user_pref("CT2504091.HasUserGlobalKeys", true); Zeile gelöscht : user_pref("CT2504091.HomePageProtectorEnabled", false); Zeile gelöscht : user_pref("CT2504091.Initialize", true); Zeile gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3); Zeile gelöscht : user_pref("CT2504091.InstallationType", "ConduitIntegration"); Zeile gelöscht : user_pref("CT2504091.InstalledDate", "Fri Jul 15 2011 21:08:35 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.IsAlertDBUpdated", true); Zeile gelöscht : user_pref("CT2504091.IsGrouping", false); Zeile gelöscht : user_pref("CT2504091.IsInitSetupIni", true); Zeile gelöscht : 
user_pref("CT2504091.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false); Zeile gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false); Zeile gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Mon Sep 26 2011 20:21:19 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Zeile gelöscht : user_pref("CT2504091.LastLogin_3.5.0.12", "Fri Jul 15 2011 21:08:35 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.LastLogin_3.6.0.10", "Mon Sep 26 2011 20:21:19 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.LatestVersion", "3.6.0.10"); Zeile gelöscht : user_pref("CT2504091.Locale", "en-us"); Zeile gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2504091.MyStuffEnabledAtInstallation", true); Zeile gelöscht : user_pref("CT2504091.OriginalFirstVersion", "3.5.0.12"); Zeile gelöscht : user_pref("CT2504091.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Zeile gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="); Zeile gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", 
"hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); Zeile gelöscht : user_pref("CT2504091.SearchProtectorEnabled", false); Zeile gelöscht : user_pref("CT2504091.SearchProtectorToolbarDisabled", false); Zeile gelöscht : user_pref("CT2504091.ServiceMapLastCheckTime", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Mon Sep 26 2011 20:21:17 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1315002176"); Zeile gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Mon Sep 26 2011 20:21:17 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586"); Zeile gelöscht : user_pref("CT2504091.ToolbarShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091"); Zeile gelöscht : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...] 
Zeile gelöscht : user_pref("CT2504091.Uninstall", true); Zeile gelöscht : user_pref("CT2504091.UserID", "UN58710229847329918"); Zeile gelöscht : user_pref("CT2504091.alertChannelId", "897164"); Zeile gelöscht : user_pref("CT2504091.ct2504091.SettingsLastCheckTime", "Fri Jul 15 2011 21:08:35 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.ct2504091.ThirdPartyComponentsLastCheck", "Fri Jul 15 2011 21:08:35 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.ct2504091.globalFirstTimeInfoLastCheckTime", "Fri Jul 15 2011 21:08:36 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.ct2504091.toolbarAppMetaDataLastCheckTime", "Fri Jul 15 2011 21:08:36 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...] Zeile gelöscht : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Mon Sep 26 2011 20:21:19 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.homepageProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2504091.initDone", true); Zeile gelöscht : user_pref("CT2504091.isAppTrackingManagerOn", true); Zeile gelöscht : user_pref("CT2504091.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Zeile gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Zeile gelöscht : user_pref("CT2504091.oldAppsList", "129079840421557838,129079840422026594,111,129079849636241789,129079840422182852,129079840422339107,129079840422964131,1000034,129566938558801595,129593776931068636,[...] 
Zeile gelöscht : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10); Zeile gelöscht : user_pref("CT2504091.searchProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2504091.testingCtid", ""); Zeile gelöscht : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Mon Sep 26 2011 20:21:18 GMT+0200"); Zeile gelöscht : user_pref("CT2504091.usagesFlag", 2); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/DE", "\"0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1312220255\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg=="); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"634515122457000000\""); Zeile gelöscht : 
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"1315002176\""); Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"634515953213470000\""); Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Flores\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\tmhqzx0t.default\\conduitCommon\\modules\\3.5.0.12"); Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12"); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091"); Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "3865b4a7-f25c-4e31-8c25-d53e11635fa2"); Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 15 2011 21:19:14 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 15 2011 21:19:22 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 15 2011 21:17:38 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559"); Zeile gelöscht : 
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "267b96b4-43b9-456c-adb4-62c99c2437e2"); Zeile gelöscht : user_pref("extensions.enabledItems", "linkuryfirefoxremoteplugin@linkury.com:1.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{BBDA0591-3099-440a-AA10-417[...] -\\ Google Chrome v [ Datei : C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [24322 octets] - [24/09/2013 12:08:40] AdwCleaner[S0].txt - [21947 octets] - [24/09/2013 12:09:17] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22008 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013 Ran by Flores (administrator) on WINDOWSPC on 24-09-2013 12:37:12 Running from C:\Users\Flores\Desktop\tools Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Windows\DAODx.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) 
G:\mausscheisse\SetPoint\SetPoint.exe () G:\mausscheisse\SetPoint\x86\SetPoint32.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ( ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Google Update] - C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-28] (Google Inc.) 
MountPoints2: {38b68dbb-5a20-11e0-be8a-20cf30bf92b8} - G:\AutoRun.exe MountPoints2: {38b68dcb-5a20-11e0-be8a-20cf30bf92b8} - G:\AutoRun.exe MountPoints2: {38b68dd7-5a20-11e0-be8a-20cf30bf92b8} - K:\AutoRun.exe MountPoints2: {410efac2-5b65-11e0-9a71-001e101f859f} - G:\AutoRun.exe MountPoints2: {a0eb7129-e7b5-11e0-89c1-20cf30bf92b8} - J:\INSTALL.EXE MountPoints2: {b0b35a42-42c1-11e0-8da2-806e6f6e6963} - F:\.\Bin\ASSETUP.exe HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] ( ASUSTeK Computer Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512 2012-03-07] (AVAST Software) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] - G:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBDBC55C997D6CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {6EB971CA-7AD8-4912-A40A-C1024A2CC0A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6278C29C-68B5-4D63-87E1-9ACD421D1145}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{C4239820-7EAD-455C-9D27-20A1B40F53E3}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{C58C5C8D-1B8E-4548-8705-F5043E83C0AA}: [NameServer]193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___ CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___" CHR DefaultSearchURL: (SecureSearch) - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} CHR DefaultSuggestURL: (SecureSearch) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Extension: (Google Docs) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Google Search) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (avast! 
WebRep) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Lavasoft NewTab) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0 CHR Extension: (Gmail) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Flores\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-07] (AVAST Software) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [x] S3 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [x] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [69976 2012-03-07] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-07] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-07] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-07] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-07] (AVAST Software) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-03-04] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-25] (DT Soft Ltd) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.) 
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-24] (GFI Software) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2012-03-04] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-24 12:21 - 2013-09-24 12:21 - 00286160 _____ C:\Windows\Minidump\092413-64568-01.dmp 2013-09-24 12:18 - 2013-09-24 12:18 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 12:07 - 2013-09-24 12:09 - 00000000 ____D C:\AdwCleaner 2013-09-24 10:49 - 2013-09-24 10:49 - 00000000 ____D C:\FRST 2013-09-24 10:42 - 2013-09-24 12:37 - 00000000 ____D C:\Users\Flores\Desktop\tools 2013-09-24 10:42 - 2013-09-24 10:42 - 00000000 _____ C:\Users\Flores\defogger_reenable 2013-09-24 09:59 - 2013-09-24 09:59 - 00004326 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\Users\Flores\AppData\Roaming\LavasoftStatistics 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-09-24 09:47 - 2013-09-24 12:32 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-09-24 09:47 - 2013-09-24 09:59 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-09-24 09:47 - 2013-09-24 09:47 - 00000000 ____D C:\ProgramData\Lavasoft 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-09-24 09:44 - 2013-09-24 10:54 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Ad-Aware Antivirus 2013-09-24 09:44 - 
2013-09-24 09:44 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-09-24 09:44 - 2013-09-24 09:44 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-09-24 09:43 - 2013-09-24 09:43 - 05616264 _____ (Lavasoft Limited) C:\Users\Flores\Desktop\Adaware_Installer.exe 2013-09-23 21:29 - 2013-09-23 21:29 - 00000053 _____ C:\Users\Flores\Desktop\google81f6ebbb071c6405.html 2013-09-23 19:18 - 2013-09-23 19:18 - 00537652 _____ C:\Users\Flores\.recently-used.xbel 2013-09-22 23:48 - 2013-09-22 23:48 - 01799927 _____ C:\Users\Flores\Desktop\vanessa.zip 2013-09-22 10:06 - 2013-09-22 10:06 - 00291296 _____ C:\Windows\Minidump\092213-69420-01.dmp 2013-09-21 15:27 - 2013-09-21 15:27 - 98547399 _____ C:\Windows\SysWOW64\醔쟫브“ 2013-09-09 22:23 - 2013-09-09 22:23 - 00010514 _____ C:\Users\Flores\Desktop\want you back.ods 2013-09-05 13:22 - 2013-07-08 02:15 - 00000000 ____D C:\Users\Flores\Desktop\015_Evelin 2013-09-05 11:36 - 2013-09-05 11:58 - 177107930 _____ C:\Users\Flores\Desktop\015_Evelin.zip 2013-09-05 11:11 - 2013-09-05 11:25 - 00000000 ____D C:\Users\Flores\Desktop\Fetisch 2013-09-04 23:39 - 2013-09-04 23:41 - 00000000 ____D C:\Windows\system32\MRT 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-09-04 19:54 - 2013-09-04 19:54 - 00000057 _____ C:\ProgramData\Ament.ini 2013-09-03 19:36 - 2013-09-03 21:05 - 00019626 _____ C:\Users\Flores\Desktop\mail to do sept.ods 2013-09-02 16:44 - 2013-09-17 11:30 - 00017713 _____ C:\Users\Flores\Desktop\abrechnung august.ods 2013-08-25 09:57 - 2013-08-25 11:59 - 00018561 _____ C:\Users\Flores\Desktop\mail to do sinti.ods ==================== One Month Modified Files and Folders ======= 2013-09-24 12:37 - 2013-09-24 10:42 - 00000000 ____D C:\Users\Flores\Desktop\tools 2013-09-24 12:33 - 2012-07-25 18:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2013-09-24 12:32 - 2013-09-24 09:47 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-09-24 12:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-09-24 12:30 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-24 12:30 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-24 12:25 - 2011-03-04 19:29 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Skype 2013-09-24 12:21 - 2013-09-24 12:21 - 00286160 _____ C:\Windows\Minidump\092413-64568-01.dmp 2013-09-24 12:21 - 2011-03-30 19:04 - 00000000 ____D C:\Windows\Minidump 2013-09-24 12:21 - 2011-02-27 17:51 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-24 12:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-24 12:21 - 2009-07-14 06:51 - 00797136 _____ C:\Windows\setupact.log 2013-09-24 12:18 - 2013-09-24 12:18 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 12:18 - 2011-02-28 00:37 - 01576546 _____ C:\Windows\WindowsUpdate.log 2013-09-24 12:15 - 2013-03-28 14:26 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA.job 2013-09-24 12:09 - 2013-09-24 12:07 - 00000000 ____D C:\AdwCleaner 2013-09-24 12:09 - 2011-02-27 18:09 - 00000177 ____H C:\dvmexp.idx 2013-09-24 10:54 - 2013-09-24 09:44 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Ad-Aware Antivirus 2013-09-24 10:49 - 2013-09-24 10:49 - 00000000 ____D C:\FRST 2013-09-24 10:42 - 2013-09-24 10:42 - 00000000 _____ C:\Users\Flores\defogger_reenable 2013-09-24 10:42 - 2011-02-27 17:41 - 00000000 ____D C:\Users\Flores 2013-09-24 10:33 - 2011-02-27 20:43 - 00000000 ____D C:\Users\Flores\.gimp-2.6 2013-09-24 09:59 - 2013-09-24 09:59 - 00004326 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D 
C:\Users\Flores\AppData\Roaming\LavasoftStatistics 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-09-24 09:59 - 2013-09-24 09:47 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-09-24 09:47 - 2013-09-24 09:47 - 00000000 ____D C:\ProgramData\Lavasoft 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-09-24 09:44 - 2013-09-24 09:44 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-09-24 09:44 - 2013-09-24 09:44 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-09-24 09:43 - 2013-09-24 09:43 - 05616264 _____ (Lavasoft Limited) C:\Users\Flores\Desktop\Adaware_Installer.exe 2013-09-23 21:31 - 2013-07-16 16:23 - 00000000 ____D C:\Users\Flores\Desktop\zzz 2013-09-23 21:29 - 2013-09-23 21:29 - 00000053 _____ C:\Users\Flores\Desktop\google81f6ebbb071c6405.html 2013-09-23 19:18 - 2013-09-23 19:18 - 00537652 _____ C:\Users\Flores\.recently-used.xbel 2013-09-23 19:18 - 2011-02-27 20:45 - 00000000 ____D C:\Users\Flores\AppData\Roaming\gtk-2.0 2013-09-23 19:15 - 2013-03-28 14:26 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core.job 2013-09-22 23:48 - 2013-09-22 23:48 - 01799927 _____ C:\Users\Flores\Desktop\vanessa.zip 2013-09-22 10:06 - 2013-09-22 10:06 - 00291296 _____ C:\Windows\Minidump\092213-69420-01.dmp 2013-09-21 15:33 - 2012-07-25 18:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-21 15:33 - 2012-07-25 18:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-21 15:33 - 2011-05-17 09:55 - 00071048 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-21 15:27 - 2013-09-21 15:27 - 98547399 _____ C:\Windows\SysWOW64\醔쟫브“ 2013-09-17 11:30 - 2013-09-02 16:44 - 00017713 _____ C:\Users\Flores\Desktop\abrechnung august.ods 2013-09-15 19:56 - 2012-10-04 22:29 - 00000000 ____D C:\Users\Flores\Desktop\abrechnungen 2013-09-09 22:23 - 2013-09-09 22:23 - 00010514 _____ C:\Users\Flores\Desktop\want you back.ods 2013-09-08 15:04 - 2011-02-28 00:21 - 00000000 ____D C:\Users\Flores\Desktop\chatarbeit 2013-09-05 11:58 - 2013-09-05 11:36 - 177107930 _____ C:\Users\Flores\Desktop\015_Evelin.zip 2013-09-05 11:25 - 2013-09-05 11:11 - 00000000 ____D C:\Users\Flores\Desktop\Fetisch 2013-09-05 10:04 - 2011-02-27 21:17 - 06577148 _____ C:\Windows\PFRO.log 2013-09-04 23:41 - 2013-09-04 23:39 - 00000000 ____D C:\Windows\system32\MRT 2013-09-04 23:41 - 2011-02-27 20:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-04 23:39 - 2011-03-20 22:49 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-09-04 19:58 - 2011-02-27 20:07 - 00000000 ____D C:\ProgramData\HP 2013-09-04 19:54 - 2013-09-04 19:54 - 00000057 _____ C:\ProgramData\Ament.ini 2013-09-04 15:18 - 2013-05-07 14:44 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-04 15:18 - 2013-03-29 00:24 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 15:18 - 2013-03-29 00:24 - 00105344 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-03 21:05 - 2013-09-03 19:36 - 00019626 _____ C:\Users\Flores\Desktop\mail to do sept.ods 2013-09-02 11:36 - 2012-02-23 18:45 - 00000000 ____D C:\Users\Flores\AppData\Roaming\HpUpdate 2013-08-30 00:15 - 2011-08-14 21:17 - 00000000 ____D C:\Users\Flores\Desktop\fotosprivat 2013-08-25 11:59 - 2013-08-25 09:57 - 00018561 _____ C:\Users\Flores\Desktop\mail to do sinti.ods Files to move or delete: ==================== C:\ProgramData\0tbpw.pad Some content of TEMP: ==================== C:\Users\Flores\AppData\Local\Temp\724f194c-de08-40e2-a117-7ed33aa47352.exe C:\Users\Flores\AppData\Local\Temp\7cba4d50-919d-4164-a0cf-25af4d2b6993.exe C:\Users\Flores\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-21 11:31 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- |
24.09.2013, 11:56 | #4 | |
/// Malwareteam | Windows 7 64bit - Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll) found by Spybot 1. Something to read: Reading material: Why we no longer recommend Avira For some time now, Avira has shipped the Ask Toolbar with its default installation. This toolbar is a prerequisite for the Webguard to work reliably. The Ask Toolbar is known for spying on the user's browsing behaviour in order, ultimately, to make money from it. It is therefore classified as "harmful" by us on this board. More information. A security company that practically foists harmful software on the user without asking is therefore out of the question for us. Because of this business practice, the at times extremely poor detection rate and the exceedingly annoying advertising, we therefore recommend that all Avira users uninstall Avira and switch to an alternative product. Should you decide to switch, we recommend that after uninstalling you remove all leftovers with the Avira cleaner. Multiple anti-virus programs Code:
ATTFilter avast! Avira McAfee Security Scan Report which anti-virus program you have decided on. Quote:
Uninstall the following programs: Code:
ATTFilter avira free antivirus Spybot - Search & Destroy (outdated) Please post a new FRST logfile and a new Addition.txt; to do so, after starting FRST, tick the box for Addition.txt and press SCAN. Step 4: Does the problem with Conduit still occur? Is the computer behaving conspicuously in any other way? |
24.09.2013, 16:54 | #5 |
| Windows 7 64bit - Win32.downloader.gen (C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll) found by Spybot Well, first of all I have to say thank you for the super support! I decided on avast! and uninstalled everything else. The problem with Conduit no longer occurs, and I don't notice any other problems either. If everything should be fine now, great! Perhaps you also have one or two pieces of advice on how I could protect my PC even better; for my part I would, for now, stick to your guide http://www.trojaner-board.de/96344-a...-rechners.html. Thank you very, very much again for the competent help. Best regards, Mari PS: Here are the logs from FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013 Ran by Flores (administrator) on WINDOWSPC on 24-09-2013 17:44:39 Running from C:\Users\Flores\Desktop\tools Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Windows\DAODx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Logitech, Inc.) G:\mausscheisse\SetPoint\SetPoint.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ( ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () G:\mausscheisse\SetPoint\x86\SetPoint32.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Google Inc.) 
C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Google Update] - C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-28] (Google Inc.) 
HKCU\...\Runonce: [adawarebp] - reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f HKCU\...\Runonce: [adawarebp_XP] - reg.exe delete "HKCU\Software\adawarebp" /f HKCU\...\Runonce: [adawarebp_DATA_FOLDER] - cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q HKCU\...\Runonce: [adawarebp_INSTALL_FOLDER] - cmd.exe /c rmdir "C:\Users\Flores\AppData\Local\adawarebp" /s /q MountPoints2: {38b68dbb-5a20-11e0-be8a-20cf30bf92b8} - G:\AutoRun.exe MountPoints2: {38b68dcb-5a20-11e0-be8a-20cf30bf92b8} - G:\AutoRun.exe MountPoints2: {38b68dd7-5a20-11e0-be8a-20cf30bf92b8} - K:\AutoRun.exe MountPoints2: {410efac2-5b65-11e0-9a71-001e101f859f} - G:\AutoRun.exe MountPoints2: {a0eb7129-e7b5-11e0-89c1-20cf30bf92b8} - J:\INSTALL.EXE MountPoints2: {b0b35a42-42c1-11e0-8da2-806e6f6e6963} - F:\.\Bin\ASSETUP.exe HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] ( ASUSTeK Computer Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512 2012-03-07] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] - G:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBDBC55C997D6CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {6EB971CA-7AD8-4912-A40A-C1024A2CC0A9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6278C29C-68B5-4D63-87E1-9ACD421D1145}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{C4239820-7EAD-455C-9D27-20A1B40F53E3}: [NameServer]193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{C58C5C8D-1B8E-4548-8705-F5043E83C0AA}: [NameServer]193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Flores\AppData\Roaming\Mozilla\Firefox\Profiles\tmhqzx0t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___ CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=___userid___" CHR DefaultSearchURL: (SecureSearch) - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} CHR DefaultSuggestURL: (SecureSearch) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Flores\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Extension: (Google Docs) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (Google Search) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (avast! 
WebRep) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Lavasoft NewTab) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0 CHR Extension: (Gmail) - C:\Users\Flores\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Flores\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx ==================== Services (Whitelisted) ================= R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-07] (AVAST Software) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [x] S3 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [x] ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [69976 2012-03-07] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-07] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-07] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-07] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-07] (AVAST Software) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2012-03-04] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-25] (DT Soft Ltd) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-24] (GFI Software) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.) 
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2012-03-04] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-24 17:32 - 2013-09-24 17:32 - 00000000 ____D C:\Users\Flores\AppData\Local\adawarebp 2013-09-24 13:38 - 2013-09-24 13:38 - 00500593 _____ C:\Users\Flores\.recently-used.xbel 2013-09-24 12:21 - 2013-09-24 12:21 - 00286160 _____ C:\Windows\Minidump\092413-64568-01.dmp 2013-09-24 12:18 - 2013-09-24 12:18 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 12:07 - 2013-09-24 12:09 - 00000000 ____D C:\AdwCleaner 2013-09-24 10:49 - 2013-09-24 10:49 - 00000000 ____D C:\FRST 2013-09-24 10:42 - 2013-09-24 17:44 - 00000000 ____D C:\Users\Flores\Desktop\tools 2013-09-24 10:42 - 2013-09-24 10:42 - 00000000 _____ C:\Users\Flores\defogger_reenable 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\Users\Flores\AppData\Roaming\LavasoftStatistics 2013-09-24 09:47 - 2013-09-24 17:32 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-09-24 09:44 - 2013-09-24 09:44 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-09-24 09:43 - 2013-09-24 09:43 - 05616264 _____ (Lavasoft Limited) C:\Users\Flores\Desktop\Adaware_Installer.exe 2013-09-23 21:29 - 2013-09-23 21:29 - 00000053 _____ C:\Users\Flores\Desktop\google81f6ebbb071c6405.html 2013-09-22 23:48 - 2013-09-22 23:48 - 01799927 _____ C:\Users\Flores\Desktop\vanessa.zip 2013-09-22 10:06 - 2013-09-22 10:06 - 00291296 _____ 
C:\Windows\Minidump\092213-69420-01.dmp 2013-09-21 15:27 - 2013-09-21 15:27 - 98547399 _____ C:\Windows\SysWOW64\醔쟫브“ 2013-09-09 22:23 - 2013-09-09 22:23 - 00010514 _____ C:\Users\Flores\Desktop\want you back.ods 2013-09-05 13:22 - 2013-07-08 02:15 - 00000000 ____D C:\Users\Flores\Desktop\015_Evelin 2013-09-05 11:36 - 2013-09-05 11:58 - 177107930 _____ C:\Users\Flores\Desktop\015_Evelin.zip 2013-09-05 11:11 - 2013-09-05 11:25 - 00000000 ____D C:\Users\Flores\Desktop\Fetisch 2013-09-04 23:39 - 2013-09-04 23:41 - 00000000 ____D C:\Windows\system32\MRT 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-09-04 19:54 - 2013-09-04 19:54 - 00000057 _____ C:\ProgramData\Ament.ini 2013-09-03 19:36 - 2013-09-03 21:05 - 00019626 _____ C:\Users\Flores\Desktop\mail to do sept.ods 2013-09-02 16:44 - 2013-09-17 11:30 - 00017713 _____ C:\Users\Flores\Desktop\abrechnung august.ods 2013-08-25 09:57 - 2013-08-25 11:59 - 00018561 _____ C:\Users\Flores\Desktop\mail to do sinti.ods ==================== One Month Modified Files and Folders ======= 2013-09-24 17:44 - 2013-09-24 10:42 - 00000000 ____D C:\Users\Flores\Desktop\tools 2013-09-24 17:39 - 2011-02-28 00:37 - 01603356 _____ C:\Windows\WindowsUpdate.log 2013-09-24 17:39 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-24 17:39 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-24 17:33 - 2012-07-25 18:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-24 17:33 - 2011-03-04 19:29 - 00000000 ____D C:\Users\Flores\AppData\Roaming\Skype 2013-09-24 17:32 - 2013-09-24 17:32 - 00000000 ____D C:\Users\Flores\AppData\Local\adawarebp 2013-09-24 17:32 - 2013-09-24 09:47 - 00001868 _____ 
C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-09-24 17:30 - 2011-02-27 21:17 - 06577958 _____ C:\Windows\PFRO.log 2013-09-24 17:30 - 2011-02-27 17:51 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-24 17:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-24 17:30 - 2009-07-14 06:51 - 00797528 _____ C:\Windows\setupact.log 2013-09-24 17:15 - 2013-03-28 14:26 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA.job 2013-09-24 13:38 - 2013-09-24 13:38 - 00500593 _____ C:\Users\Flores\.recently-used.xbel 2013-09-24 13:38 - 2011-02-27 20:45 - 00000000 ____D C:\Users\Flores\AppData\Roaming\gtk-2.0 2013-09-24 13:38 - 2011-02-27 20:43 - 00000000 ____D C:\Users\Flores\.gimp-2.6 2013-09-24 13:38 - 2011-02-27 17:41 - 00000000 ____D C:\Users\Flores 2013-09-24 12:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-09-24 12:21 - 2013-09-24 12:21 - 00286160 _____ C:\Windows\Minidump\092413-64568-01.dmp 2013-09-24 12:21 - 2011-03-30 19:04 - 00000000 ____D C:\Windows\Minidump 2013-09-24 12:18 - 2013-09-24 12:18 - 00000000 ____D C:\Windows\ERUNT 2013-09-24 12:09 - 2013-09-24 12:07 - 00000000 ____D C:\AdwCleaner 2013-09-24 12:09 - 2011-02-27 18:09 - 00000177 ____H C:\dvmexp.idx 2013-09-24 10:49 - 2013-09-24 10:49 - 00000000 ____D C:\FRST 2013-09-24 10:42 - 2013-09-24 10:42 - 00000000 _____ C:\Users\Flores\defogger_reenable 2013-09-24 09:59 - 2013-09-24 09:59 - 00000000 ____D C:\Users\Flores\AppData\Roaming\LavasoftStatistics 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-09-24 09:46 - 2013-09-24 09:46 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2013-09-24 09:44 - 2013-09-24 09:44 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 
2013-09-24 09:43 - 2013-09-24 09:43 - 05616264 _____ (Lavasoft Limited) C:\Users\Flores\Desktop\Adaware_Installer.exe 2013-09-23 21:31 - 2013-07-16 16:23 - 00000000 ____D C:\Users\Flores\Desktop\zzz 2013-09-23 21:29 - 2013-09-23 21:29 - 00000053 _____ C:\Users\Flores\Desktop\google81f6ebbb071c6405.html 2013-09-23 19:15 - 2013-03-28 14:26 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core.job 2013-09-22 23:48 - 2013-09-22 23:48 - 01799927 _____ C:\Users\Flores\Desktop\vanessa.zip 2013-09-22 10:06 - 2013-09-22 10:06 - 00291296 _____ C:\Windows\Minidump\092213-69420-01.dmp 2013-09-21 15:33 - 2012-07-25 18:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-21 15:33 - 2012-07-25 18:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-21 15:33 - 2011-05-17 09:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-21 15:27 - 2013-09-21 15:27 - 98547399 _____ C:\Windows\SysWOW64\醔쟫브“ 2013-09-17 11:30 - 2013-09-02 16:44 - 00017713 _____ C:\Users\Flores\Desktop\abrechnung august.ods 2013-09-15 19:56 - 2012-10-04 22:29 - 00000000 ____D C:\Users\Flores\Desktop\abrechnungen 2013-09-09 22:23 - 2013-09-09 22:23 - 00010514 _____ C:\Users\Flores\Desktop\want you back.ods 2013-09-08 15:04 - 2011-02-28 00:21 - 00000000 ____D C:\Users\Flores\Desktop\chatarbeit 2013-09-05 11:58 - 2013-09-05 11:36 - 177107930 _____ C:\Users\Flores\Desktop\015_Evelin.zip 2013-09-05 11:25 - 2013-09-05 11:11 - 00000000 ____D C:\Users\Flores\Desktop\Fetisch 2013-09-04 23:41 - 2013-09-04 23:39 - 00000000 ____D C:\Windows\system32\MRT 2013-09-04 23:41 - 2011-02-27 20:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-04 23:39 - 2011-03-20 22:49 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-04 23:37 - 2013-09-04 23:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-09-04 23:37 - 2013-09-04 
23:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-04 19:58 - 2011-02-27 20:07 - 00000000 ____D C:\ProgramData\HP
2013-09-04 19:54 - 2013-09-04 19:54 - 00000057 _____ C:\ProgramData\Ament.ini
2013-09-03 21:05 - 2013-09-03 19:36 - 00019626 _____ C:\Users\Flores\Desktop\mail to do sept.ods
2013-09-02 11:36 - 2012-02-23 18:45 - 00000000 ____D C:\Users\Flores\AppData\Roaming\HpUpdate
2013-08-30 00:15 - 2011-08-14 21:17 - 00000000 ____D C:\Users\Flores\Desktop\fotosprivat
2013-08-25 11:59 - 2013-08-25 09:57 - 00018561 _____ C:\Users\Flores\Desktop\mail to do sinti.ods
Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-21 11:31
==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Flores at 2013-09-24 17:45:32
Running from C:\Users\Flores\Desktop\tools
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)
AI Suite (x32 Version: 1.06.20)
AllDup 3.4.12 (x32 Version: 3.4.12)
AMD OverDrive (x32 Version: 3.2.2.0452)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
ASUSUpdate (x32 Version: 7.18.03)
Audials (x32 Version: 8.0.54300.0)
Audials TV (x32 Version: 1.3.10803.300)
AudibleManager (x32 Version: 2001481840.48.56.6425834)
avast!
Free Antivirus (x32 Version: 7.0.1426.0) BufferChm (x32 Version: 130.0.331.000) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32) Canon MP Navigator EX 4.0 (x32) Canon Solution Menu EX (x32) CanoScan LiDE 110 Scanner Driver CDDRV_Installer (Version: 4.60) C-Media PCI Audio Device D1300 (x32 Version: 130.0.365.000) D1300_Help (x32 Version: 82.0.233.000) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.41.3.0173) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) DeviceDiscovery (x32 Version: 130.0.465.000) Diablo III (x32 Version: 1.0.7.14633) ElsterFormular (x32 Version: 14.1.11318) ElsterFormular-Upgrade (x32 Version: 14.3.11574) EPU (x32 Version: 1.02.20) erLT (x32 Version: 1.20.0137) Flatrate Player (x32) Free Video Flip and Rotate version 2.0.8.706 (x32 Version: 2.0.8.706) GIMP 2.6.8 GoldWave v5.58 (x32) Google Chrome (HKCU Version: 29.0.1547.76) HP Customer Participation Program 13.0 (Version: 13.0) HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. 
A (Version: 13.0) HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät (Version: 22.0.334.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Photo Creations (x32 Version: 1.0.0.3341) HP Photosmart Essential 3.5 (Version: 3.5) HP Smart Web Printing 4.51 (Version: 4.51) HP Update (x32 Version: 5.002.005.003) HPDiagnosticAlert (x32 Version: 1.00.0000) HPPhotoGadget (x32 Version: 130.0.282.000) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000) HPPhotosmartEssential (x32 Version: 2.04.0000) HPSSupply (x32 Version: 130.0.371.000) ImageMagick 6.8.5-3 Q16 (32-bit) (2013-05-01) (x32 Version: 6.8.5) ImgBurn (x32 Version: 2.5.6.0) Java 7 Update 11 (x32 Version: 7.0.110) Java Auto Updater (x32 Version: 2.1.9.0) JMicron JMB36X Driver (x32 Version: 1.00.0000) Junk Mail filter update (x32 Version: 15.4.3502.0922) KhalInstallWrapper (Version: 2.00.0000) Lexware buchhalter 2011 (x32 Version: 16.22.00.0155) Lexware Elster (x32 Version: 9.10.00.0041) Logitech SetPoint (x32 Version: 4.80) MarketResearch (x32 Version: 130.0.374.000) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) 
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Outlook Social 
Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000) Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Mobile Partner (x32 Version: 16.002.03.02.705) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Napster Download Manager (HKCU Version: 1.0.0.105) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) 
NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.11.1111) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenAL (x32) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Origin (x32 Version: 9.1.10.2728) PC Probe II (x32 Version: 1.04.86) PDFCreator (x32 Version: 1.2.0) Photo Stamp Remover 5.1 (x32 Version: 5.1) QuickTime (x32 Version: 7.74.80.86) RCT3 Soaked (x32 Version: 1.00.000) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6037) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0) RollerCoaster Tycoon 3 (x32 Version: 1.00.000) SF_CDA_ProductContext (x32 Version: 130.0.365.000) SF_CDA_Software (x32 Version: 130.0.396.000) Shop for HP Supplies (Version: 13.0) SimCity™ (x32 Version: 1.0.0.0) Skype™ 6.6 (x32 Version: 6.6.106) SmartWebPrinting (x32 Version: 130.0.457.000) Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0) Status (x32 Version: 130.0.469.000) Steam (x32 Version: 1.0.0.0) Studie zur Verbesserung von HP Deskjet 3000 J310 series Produkten (Version: 22.0.334.0) System Requirements Lab (x32) TeamSpeak 3 Client (x32 Version: 3.0.8) TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2) Toolbox (x32 Version: 130.0.648.000) TrayApp (x32 Version: 130.0.422.000) Trillian (x32) TurboV EVO (x32 Version: 1.02.32) UnloadSupport (x32 Version: 11.0.0) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 
Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 
(KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Vuze (x32 Version: 4.7) WebReg (x32 Version: 130.0.132.017) Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack 
(x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0) World of Warcraft (x32 Version: 5.3.0.17128) ==================== Restore Points ========================= 24-09-2013 15:35:22 Removed Ad-Aware Antivirus. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-09-03 00:42 - 00437269 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {1B712A91-B742-4886-A45A-CE91A8640BB6} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.) Task: {20C39E93-7527-4706-9763-567C1C1DC56B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.) Task: {3179F163-FE8C-49B2-B857-8216FF2DD4C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {3217E8AC-BEF3-4365-9A23-4D2A22AE2031} - System32\Tasks\HPCustParticipation HP Deskjet 3000 J310 series => C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPCustPartic.exe Task: {3A981153-E95F-4DED-BE15-DF77B903BD3E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated) Task: {55B2203A-F840-46B1-BEC3-190E459EF9DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {5D076674-443F-437E-A3AE-1D7E1D122CB5} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.05\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.) Task: {740C714D-E2D2-4D17-97D8-6B025FE1E6F1} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {9275AFD1-FE64-4A91-A848-01F520537E44} - System32\Tasks\{CA5D7B44-FDA6-4C21-955E-B2FB1E3B8EFD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent Task: {96363FD6-BE88-4A6A-A1C8-8D754A5AD4C9} - System32\Tasks\{30D933E0-2F8C-4FA5-B965-113B2F0D709E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) Task: {9D6674EC-2C20-4245-9408-554E763BD0BC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated) Task: {A18576BC-DE5B-4B67-92A0-2E0A782C14AD} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.) Task: {A658B115-7F1D-4262-8D90-E6DCFD7E7221} - System32\Tasks\Google Updater and Installer => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.) 
Task: {B388D6FC-6BAB-469C-91B3-A7A1BC12B3CB} - System32\Tasks\{5F4609D4-FE2F-4FEB-94FB-AB13871FBB24} => F:\Autorun.exe Task: {C1C47A0A-D86E-4B44-B7D4-3CAC6117083D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.) Task: {C4874D9D-0CDE-4EF9-8ED6-167ACF72E524} - System32\Tasks\{A21C703B-B1FE-4BE9-AFA5-24644F86F2AA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsProgressBar Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000Core.job => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2760105893-1207353389-577432222-1000UA.job => C:\Users\Flores\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-01-18 20:36 - 2009-07-20 13:37 - 00056848 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\lgscroll.dll 2012-01-18 20:36 - 2009-07-20 13:33 - 00055824 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\GameHook.dll 2011-02-27 17:49 - 2013-02-26 00:32 - 15053264 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2012-01-18 20:36 - 2009-07-20 13:35 - 00096272 _____ (Logitech, Inc.) C:\Windows\system32\KemXML.dll 2012-01-18 20:36 - 2009-07-20 13:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\system32\kemutb.dll 2012-01-18 20:36 - 2009-07-20 13:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\system32\KemUtil.dll 2012-01-18 20:36 - 2009-07-20 13:34 - 00159248 _____ (Logitech, Inc.) C:\Windows\system32\KemWnd.dll 2012-01-18 20:36 - 2009-07-20 13:39 - 00039952 _____ (Logitech, Inc.) 
G:\mausscheisse\SetPoint\SetPointCOM.dll 2012-01-18 20:36 - 2009-07-20 13:35 - 00018960 _____ () G:\mausscheisse\SetPoint\khalwrapper.dll 2012-01-18 20:36 - 2009-07-20 13:40 - 01596944 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\Macros\MacroCore.dll 2012-01-18 20:36 - 2009-07-20 13:33 - 00019472 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\IMHook.dll 2012-01-18 20:36 - 2009-07-20 13:39 - 00363536 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\WebBrowserSupport.dll 2012-01-18 20:36 - 2009-07-20 13:40 - 00207888 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\Macros\MacroAppSwitch.dll 2012-01-18 20:36 - 2009-07-20 13:35 - 00104464 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\kgame.dll 2012-01-18 20:36 - 2009-07-20 13:36 - 00189968 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\LCabHandler.dll 2012-06-11 13:48 - 2011-11-17 07:41 - 01292592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-03-17 10:27 - 2013-01-04 06:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll 2013-03-17 10:27 - 2013-01-04 06:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll 2009-07-14 01:24 - 2009-07-14 03:11 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll 2009-07-14 01:25 - 2009-07-14 03:11 - 00310784 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll 2009-07-14 01:25 - 2009-07-14 03:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll 2013-01-17 01:18 - 2012-11-22 11:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll 2012-06-11 13:46 - 2011-12-16 09:59 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll 2009-07-14 02:20 - 2009-07-14 03:14 - 00640000 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll 2009-07-14 01:11 - 2009-07-14 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2009-07-14 01:12 - 2009-07-14 03:11 - 00662528 _____ (Microsoft Corporation) 
C:\Windows\syswow64\RPCRT4.dll 2012-10-20 15:27 - 2012-06-02 06:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll 2009-07-14 01:12 - 2009-07-14 03:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPTBASE.dll 2012-10-20 15:33 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll 2009-07-14 01:39 - 2009-07-14 03:16 - 00350208 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll 2011-02-28 09:46 - 2010-06-29 07:02 - 01413632 _____ (Microsoft Corporation) C:\Windows\syswow64\OLE32.DLL 2011-12-23 00:22 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.DLL 2009-07-14 01:28 - 2009-07-14 03:15 - 00828928 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll 2009-07-14 01:16 - 2009-07-14 03:16 - 01668608 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll 2011-07-14 13:51 - 2011-05-24 12:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\syswow64\CFGMGR32.dll 2011-07-14 13:51 - 2011-05-24 12:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\syswow64\DEVOBJ.dll 2011-02-27 18:06 - 2010-02-08 18:19 - 00053248 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll 2011-02-27 18:06 - 2010-06-01 11:38 - 00253952 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll 2011-02-28 09:46 - 2010-06-29 07:02 - 01413632 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll 2012-06-11 14:34 - 2012-03-01 07:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll 2011-12-23 00:22 - 2011-08-27 06:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll 2009-07-14 01:34 - 2009-07-14 03:16 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USERENV.dll 2009-07-14 01:12 - 2009-07-14 03:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profapi.dll 2009-07-14 02:18 - 2009-07-14 03:14 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV 
2009-07-14 01:55 - 2009-07-14 03:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPR.dll 2013-03-17 10:27 - 2013-01-04 06:43 - 00044032 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcWow64.DLL 2009-07-14 01:41 - 2009-07-14 03:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VERSION.dll 2011-12-30 17:26 - 2009-05-11 03:57 - 08126464 ____R (C-Media Corporation) C:\Windows\Syswow64\CMICNFG3.dll 2009-07-14 02:03 - 2009-07-14 03:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\Syswow64\WINMM.dll 2009-07-14 01:39 - 2009-07-14 03:15 - 00486912 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll 2009-07-14 01:24 - 2009-07-14 03:15 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2012-10-20 15:27 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.dll 2012-10-20 15:28 - 2012-06-02 06:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\syswow64\CRYPT32.dll 2011-02-28 09:43 - 2009-08-29 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\syswow64\MSASN1.dll 2009-07-14 02:03 - 2009-07-14 03:15 - 00453632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsound.dll 2009-07-14 01:16 - 2009-07-14 03:16 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POWRPROF.dll 2009-07-14 01:44 - 2009-07-14 03:15 - 00522240 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL 2009-07-14 02:03 - 2009-07-14 03:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOSES.DLL 2012-01-18 20:36 - 2009-07-20 05:00 - 00038912 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\x86\lgscroll.dll 2009-07-14 01:34 - 2009-07-14 03:16 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntmarta.dll 2009-07-14 01:38 - 2009-07-14 03:16 - 00268800 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00057344 _____ (Logitech, Inc.) 
G:\mausscheisse\SetPoint\x86\GameHook.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 47033808 _____ (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome.dll 2009-07-14 01:15 - 2009-07-14 03:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL 2013-09-20 09:17 - 2013-09-17 05:20 - 09962960 _____ (The ICU Project) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\icudt.dll 2009-07-14 01:12 - 2009-07-14 03:16 - 00206336 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll 2009-07-14 01:12 - 2009-07-14 03:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll 2009-07-14 01:33 - 2009-07-14 03:17 - 00249680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2013-04-12 22:33 - 2013-02-22 05:47 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-12 22:33 - 2013-02-22 05:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll 2009-07-14 02:20 - 2009-07-14 03:14 - 00309248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2009-07-14 02:03 - 2009-07-14 03:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2010-04-27 03:33 - 2010-04-27 03:33 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll 2011-02-27 18:07 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL 2012-10-20 15:27 - 2012-08-24 19:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\syswow64\WINTRUST.DLL 2012-10-20 15:33 - 2012-06-09 06:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.DLL 2011-02-27 18:07 - 2010-01-08 18:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll 2011-02-27 18:07 - 2010-01-08 18:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll 2009-07-14 01:39 - 2009-07-14 03:15 - 00486912 _____ (Microsoft 
Corporation) C:\Windows\syswow64\COMDLG32.dll 2013-04-12 22:33 - 2013-02-22 05:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll 2009-07-14 01:15 - 2009-07-14 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\syswow64\Normaliz.dll 2013-04-12 22:33 - 2013-02-22 05:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00010752 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\x86\IMHook.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00013824 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\x86\AdobeHookDll.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00014336 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\x86\AOLHookDll.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00069632 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\x86\MessengerHook.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00012288 _____ (Logitech, Inc.) G:\mausscheisse\SetPoint\x86\HookDll.dll 2012-01-18 20:36 - 2009-07-20 05:00 - 00027648 _____ (Logitech, Inc.) 
G:\mausscheisse\SetPoint\x86\KEMHook.dll 2009-07-14 01:16 - 2009-07-14 03:16 - 01668608 _____ (Microsoft Corporation) C:\Windows\syswow64\setupapi.dll 2013-09-20 09:17 - 2013-09-17 03:23 - 03231688 _____ (Microsoft Corporation) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\D3DCompiler_46.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 00709584 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\libglesv2.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 00099792 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\libegl.dll 2013-07-15 23:09 - 2013-07-15 23:09 - 00318864 _____ (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll 2013-09-20 09:17 - 2013-09-17 05:21 - 04053456 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll 2013-09-20 09:17 - 2013-09-17 05:21 - 00410576 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 02110928 _____ (Google Inc.) C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\libpeerconnection.dll 2013-09-20 09:17 - 2013-09-17 05:20 - 01604560 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll 2013-09-20 09:18 - 2013-09-17 05:21 - 13611984 _____ () C:\Users\Flores\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/24/2013 05:41:34 PM) (Source: MsiInstaller) (User: WINDOWSPC) Description: Product: Ad-Aware Antivirus -- Error 1730. You must be an Administrator to remove this application. 
To remove this application, you can log on as an administrator, or contact your technical support group for assistance. System errors: ============= Error: (09/24/2013 05:41:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2013 05:41:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 05:41:47 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuchanbieter-Host" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 05:41:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 05:41:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 05:34:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (09/24/2013 05:33:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/24/2013 05:33:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie 
sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/24/2013 05:31:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2013 05:31:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" ist vom Dienst "HTTP" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Microsoft Office Sessions: ========================= Error: (11/02/2011 10:56:02 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 111 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 12286.18 MB Available physical RAM: 10047.57 MB Total Pagefile: 24570.5 MB Available Pagefile: 22184.41 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:105.11 GB) (Free:1.33 GB) NTFS Drive d: () (Fixed) (Total:149 GB) (Free:48.96 GB) NTFS Drive f: (COSMOPOLITAN) (CDROM) (Total:4.19 GB) (Free:0 GB) UDF Drive g: (Volume) (Fixed) (Total:781.25 GB) (Free:658.19 GB) NTFS Drive h: (Volume) (Fixed) (Total:488.28 GB) (Free:350.75 GB) NTFS Drive i: (Volume) (Fixed) (Total:488.28 GB) (Free:228.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C9A48BB1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=105 GB) - (Type=07 NTFS) Partition 3: (Not Active) - 
(Size=781 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=977 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 149 GB) (Disk ID: AFCBAFCB) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 149 GB) (Disk ID: 0009EA20) Partition 1: (Not Active) - (Size=93 MB) - (Type=83) Partition 2: (Not Active) - (Size=977 MB) - (Type=82) Partition 3: (Not Active) - (Size=55 GB) - (Type=83) Partition 4: (Not Active) - (Size=93 GB) - (Type=83) ==================== End Of Log ============================ |
25.09.2013, 14:16 | #6 |
/// Malwareteam | Hi, we are not done yet; securing the system comes later. Step 1: Please download Malwarebytes Anti-Malware
Step 2: ESET Online Scanner
Step 3: Please post a new FRST logfile |
28.09.2013, 12:55 | #7 |
/// Malwareteam | I have not received a reply from you for quite a while. Do you still need help? If I do not hear from you within the next 24 hours, I will assume the topic is resolved and remove it from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security holes that make a reinfection possible. |
29.09.2013, 20:49 | #8 |
/// Malwareteam | No response. This topic has been removed from the subscriptions, so I will not receive any notification about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create a thread of your own |