| |
| |||||||
Log-Analyse und Auswertung: Angeblich Zero Access - außerdem PUP.Optional.Iminent.AWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.09.2013, 13:42
| #1 |
 |  Angeblich Zero Access - außerdem PUP.Optional.Iminent.A Die Telekom hat uns mitgeteilt, dass wir uns den Zero Access Trojaner eingefangen hätten. Diverse Antivirenscanner (MBAM, Avast, EU Avira Cleaner) haben in der Richtung nichts gefunden. MBAM hat allerdings die Browser-Erweiterung Iminent gefunden, die ich nicht loswerde. Ich hatte mir die schonmal eingefangen und bin sie mit Eurer Hilfe losgeworden. Vielleicht klappt es ja nochmal. Interessanter wäre allerdings, ob ich tatsächlich einen Trojaner habe. Hier meine Logs: FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by XXXXX (ATTENTION: The logged in user is not administrator) on YYYYY on 28-09-2013 19:17:37
Running from C:\Users\XXXXX\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Runonce: [Del4923313] - cmd.exe /Q /D /c del "C:\Users\ZZZZZ\AppData\Local\Temp\0.del" [x]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKCU\...\Run: [Google Update] - C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)
HKCU\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [907808 2013-04-29] (Jumping Bytes)
HKCU\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-17] (Google Inc.)
HKCU\...\Run: [LogitechSoftwareUpdate] - "C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe" boot
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {3e6ca5cc-2c10-11e1-b9d1-2c4138a5e006} - F:\pushinst.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Kopie 1).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6100 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6100\bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B7642743061CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL =
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3&ref=toolbox&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C8EA58FA-945C-4046-BE67-E4ECE452CFCD}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{DEEC3FF6-3BBC-43FA-8FE5-89649718BB32}: [NameServer]139.7.30.125 139.7.30.126
FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: StartWeb
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: rssicon - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\homkrllr.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
Chrome:
=======
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=1191462C-82DA-4248-B777-5D728D511BD3", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Google Update) - C:\Users\XXXXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (FacebookBlocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0
CHR Extension: (Bubble Shooter - Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0
CHR Extension: (Facebook Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (Facebook Ads Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0
CHR Extension: (AdBlock) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Cut the Rope) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0
CHR Extension: (avast! Online Security) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Keep My Opt-Outs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0
CHR Extension: (Flood-It!) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Disconnect) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0
CHR Extension: (Analytics Blocker) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcpbefnpobogldglnlikgojpaddibgb\1.0.1_0
CHR Extension: (Super Stacker 2) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\klemmckdcnieolllgjgbniaeehggmano\3.0_0
CHR Extension: (Bejeweled 2 Deluxe) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnoibnffbjdogihagbnommnbibljledh\1.8_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Doodle Jump) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0
CHR Extension: (Psykopaint) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR Extension: (Gmail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR StartMenuInternet: Google Chrome - C:\Users\ZZZZZ\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2013-09-15] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-09] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2013-09-15] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST
2013-09-28 19:16 - 2013-09-28 19:16 - 01953880 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log
2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe
2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-28 19:06 - 2013-09-28 19:06 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup(1).exe
2013-09-28 14:56 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-28 14:56 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-28 14:56 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-28 14:56 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-28 14:56 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-28 14:56 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-28 14:56 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-28 14:56 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-28 14:55 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-28 14:55 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-28 14:55 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-28 14:55 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-28 14:55 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-28 14:55 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-28 14:55 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-28 14:55 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-28 14:55 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle
2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe
2013-09-28 12:56 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome
2013-09-28 12:53 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-28 12:53 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-28 12:53 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-28 12:53 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-28 12:53 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-28 12:53 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-28 12:53 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-28 12:53 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-28 12:53 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-28 12:53 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-28 12:53 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-28 12:53 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-28 12:53 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-28 12:53 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-28 12:53 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B
2013-09-28 12:49 - 2013-09-28 19:09 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-28 12:49 - 2013-09-28 12:49 - 00001880 _____ C:\Users\ZZZZZ\Desktop\Search.lnk
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon
2013-09-28 12:49 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-28 12:49 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-28 12:49 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-28 12:49 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-28 12:49 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-28 12:43 - 2013-09-28 12:43 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup.exe
2013-09-28 12:39 - 2013-09-28 13:24 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-09-28 12:39 - 2013-09-28 13:24 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk
2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe
2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG
2013-09-25 22:54 - 2013-09-25 22:55 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks
2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet
2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone
2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-09-15 15:51 - 2011-04-18 15:43 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01007.dll
2013-09-15 15:51 - 2011-04-18 15:43 - 00413696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00219008 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-09-15 15:51 - 2011-04-18 15:43 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-15 15:48 - 2013-09-17 20:32 - 00000000 ____D C:\ProgramData\Vodafone
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone
2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations
2013-09-02 21:09 - 2013-09-25 22:33 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk
2013-09-02 20:57 - 2013-09-15 16:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Iminent
2013-09-02 20:57 - 2013-09-02 21:02 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-09-02 20:53 - 2013-09-02 20:53 - 00000866 _____ C:\Users\ZZZZZ\Desktop\FTDownloader.lnk
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Cool_Mirage
==================== One Month Modified Files and Folders =======
2013-09-28 19:17 - 2013-09-28 19:17 - 00000000 ____D C:\FRST
2013-09-28 19:16 - 2013-09-28 19:16 - 01953880 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2013-09-28 19:13 - 2013-09-28 19:13 - 00000476 _____ C:\Users\XXXXX\Downloads\defogger_disable.log
2013-09-28 19:12 - 2013-09-28 19:12 - 00050477 _____ C:\Users\XXXXX\Downloads\Defogger.exe
2013-09-28 19:09 - 2013-09-28 19:09 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-28 19:09 - 2013-09-28 12:49 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-28 19:07 - 2012-08-27 19:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 19:06 - 2013-09-28 19:06 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup(1).exe
2013-09-28 19:06 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 19:06 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 19:01 - 2011-12-21 22:13 - 01645224 _____ C:\Windows\WindowsUpdate.log
2013-09-28 18:57 - 2012-08-27 19:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-28 18:55 - 2011-12-09 02:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-28 18:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 18:55 - 2009-07-14 06:51 - 00080023 _____ C:\Windows\setupact.log
2013-09-28 18:50 - 2011-12-09 02:23 - 00697072 _____ C:\Windows\system32\perfh007.dat
2013-09-28 18:50 - 2011-12-09 02:23 - 00148110 _____ C:\Windows\system32\perfc007.dat
2013-09-28 18:50 - 2009-07-14 07:13 - 01614036 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 18:48 - 2011-12-21 23:00 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job
2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 18:46 - 2011-12-21 22:33 - 00000000 ___RD C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 18:44 - 2009-07-14 06:45 - 00428496 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-28 18:40 - 2010-11-21 05:47 - 00428150 _____ C:\Windows\PFRO.log
2013-09-28 14:55 - 2013-08-03 11:51 - 00000000 ____D C:\Windows\system32\MRT
2013-09-28 14:55 - 2012-10-22 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-28 14:55 - 2011-12-24 14:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-28 14:55 - 2011-02-11 19:15 - 01640718 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-28 14:54 - 2012-04-11 11:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-28 14:54 - 2012-01-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-28 14:32 - 2011-12-27 15:41 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Adobe
2013-09-28 14:29 - 2011-12-21 23:53 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job
2013-09-28 14:17 - 2013-09-28 14:17 - 00001981 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-28 14:16 - 2011-12-09 02:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-28 13:53 - 2011-12-09 02:46 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-09-28 13:51 - 2011-12-09 02:46 - 00002589 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-28 13:27 - 2013-09-28 13:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-28 13:24 - 2013-09-28 12:39 - 00001986 _____ C:\Users\XXXXX\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-09-28 13:24 - 2013-09-28 12:39 - 00001930 _____ C:\Users\XXXXX\Desktop\Avira EU-Cleaner.lnk
2013-09-28 13:19 - 2013-09-28 13:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-28 13:19 - 2013-09-28 13:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-28 13:19 - 2013-09-28 13:19 - 00000000 ____D C:\ProgramData\Oracle
2013-09-28 13:19 - 2012-01-12 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-28 13:11 - 2011-12-21 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 12:59 - 2013-09-28 12:59 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de (1).exe
2013-09-28 12:55 - 2013-09-28 12:55 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\avgchrome
2013-09-28 12:50 - 2013-09-28 12:50 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\0D0S1L2Z1P1B
2013-09-28 12:49 - 2013-09-28 12:49 - 00001880 _____ C:\Users\ZZZZZ\Desktop\Search.lnk
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\DigitalSite
2013-09-28 12:49 - 2013-09-28 12:49 - 00000000 ____D C:\ProgramData\Babylon
2013-09-28 12:43 - 2013-09-28 12:43 - 00749248 _____ C:\Users\XXXXX\Downloads\ZipExtractorSetup.exe
2013-09-28 12:39 - 2013-09-28 12:39 - 02209056 _____ C:\Users\XXXXX\Downloads\avira-eu-cleaner_de.exe
2013-09-28 11:56 - 2012-04-12 09:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-28 11:56 - 2011-12-09 02:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-28 11:38 - 2013-09-28 11:38 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-28 11:34 - 2011-12-21 22:18 - 00001423 _____ C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-28 11:34 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 11:34 - 2011-12-21 22:18 - 00000000 ___RD C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 11:27 - 2011-12-09 02:54 - 00000000 ____D C:\ProgramData\truesuite
2013-09-25 23:21 - 2012-05-21 11:56 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\vlc
2013-09-25 23:05 - 2011-12-22 00:13 - 00118800 _____ C:\Users\XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\Documents\Designer Files
2013-09-25 22:58 - 2013-09-25 22:58 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\ZZZZZ\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00002037 _____ C:\Users\XXXXX\Desktop\Designer 2.0.lnk
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\Documents\Designer Files
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\fotobuch.de AG
2013-09-25 22:56 - 2013-09-25 22:56 - 00000000 ____D C:\ProgramData\fotobuch.de AG
2013-09-25 22:55 - 2013-09-25 22:54 - 00000000 ____D C:\Program Files (x86)\fotobuch.de
2013-09-25 22:54 - 2013-09-25 22:54 - 00000000 ____D C:\Windows\SysWOW64\artworks
2013-09-25 22:33 - 2013-09-02 21:09 - 00002323 _____ C:\Users\XXXXX\Desktop\Google Chrome.lnk
2013-09-23 22:29 - 2012-02-08 18:07 - 00008704 _____ C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 21:29 - 2011-12-21 23:53 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job
2013-09-23 20:48 - 2011-12-21 23:00 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job
2013-09-17 20:42 - 2013-09-17 20:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\FLEXnet
2013-09-17 20:32 - 2013-09-17 20:32 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\hpqLog
2013-09-17 20:32 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\Vodafone
2013-09-17 20:26 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-15 16:56 - 2013-09-02 20:57 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Iminent
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vodafone
2013-09-15 15:51 - 2013-09-15 15:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-09-15 15:50 - 2013-09-15 15:50 - 00039552 _____ C:\Windows\system32\Drivers\tcpipBM.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00016512 _____ C:\Windows\system32\Drivers\BMLoad.sys
2013-09-15 15:50 - 2013-09-15 15:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2013-09-15 15:49 - 2013-09-15 15:49 - 00002747 _____ C:\Users\Public\Desktop\SMS.lnk
2013-09-15 15:49 - 2013-09-15 15:49 - 00002158 _____ C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-15 15:48 - 2013-09-15 15:48 - 00000000 ____D C:\Program Files (x86)\Vodafone
2013-09-15 15:47 - 2013-09-15 15:47 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Downloaded Installations
2013-09-09 07:08 - 2012-04-19 19:51 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-09 07:08 - 2011-12-24 15:56 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-09 07:08 - 2011-12-24 13:27 - 00000000 ____D C:\Users\WWWWW
2013-09-09 07:08 - 2011-12-23 16:06 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\IrfanView
2013-09-09 07:08 - 2011-12-21 22:14 - 00000000 ____D C:\Users\ZZZZZ
2013-09-09 07:08 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-09 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-08 21:10 - 2011-12-21 22:33 - 00000000 ____D C:\Users\XXXXX
2013-09-02 21:02 - 2013-09-02 20:57 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-09-02 20:53 - 2013-09-02 20:53 - 00000866 _____ C:\Users\ZZZZZ\Desktop\FTDownloader.lnk
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-02 20:53 - 2013-09-02 20:53 - 00000000 ____D C:\Users\ZZZZZ\AppData\Local\Cool_Mirage
2013-09-02 20:53 - 2011-12-09 02:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-02 20:48 - 2011-12-09 02:44 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-02 20:43 - 2013-08-25 16:59 - 00000000 ____D C:\Program Files (x86)\Logitech
Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\PureSyncInst.exe
C:\Users\XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\ZZZZZ\AppData\Local\Temp\uninst1.exe
C:\Users\ZZZZZ\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by XXXXX at 2013-09-28 19:18:15
Running from C:\Users\XXXXX\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.0.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop 7.0.1 (x32 Version: 7.0.1)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17)
Amazon Music Importer (x32 Version: 2.1.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0 (x32)
AuthenTec TrueAPI (Version: 1.3.0.116)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
AVM FRITZ!WLAN (x32)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blasterball 3 (x32 Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Botanicula (x32 Version: 1.0)
Bounce Symphony (x32 Version: 2.2.0.97)
Browser Hijack Recover(BHR) 3.0 (x32)
Cake Mania (x32 Version: 2.2.0.95)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Citavi (x32 Version: 3.2.0.0)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Designer 2.0 (x32 Version: 7.9.4)
Dropbox (HKCU Version: 1.4.7)
ESET Online Scanner v3 (x32)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FormatFactory 2.80 (x32 Version: 2.80)
Free Video Converter V 3.1 (x32 Version: 3.1.0.0)
Google Chrome (HKCU Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Officejet 6100 - Grundlegende Software für das Gerät (Version: 25.0.617.0)
HP Officejet 6100 Hilfe (x32 Version: 140.0.2.2)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP SimplePass PE 2011 (x32 Version: 5.3.0.194)
HP Support Assistant (x32 Version: 6.0.4.1)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 10.7.0.21)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows) (x32)
Malwarebytes Anti-Malware Version 1.61.0.1400 (x32 Version: 1.61.0.1400)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mendeley Desktop 1.3.1 (x32 Version: 1.3.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 9.0.1 (x86 de) (x32 Version: 9.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
No23 Recorder (x32 Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
Nokia Connectivity Cable Driver (x32 Version: 6.81.1.2)
Nokia PC Connectivity Solution (x32 Version: 6.23.9.0)
Nokia PC Suite (x32 Version: 6.81.13.0)
Nokia Phone Browser 64-bit (Version: 6.81.13.0)
NVIDIA 3D Vision Driver 267.95 (Version: 267.95)
NVIDIA Control Panel 267.95 (Version: 267.95)
NVIDIA Graphics Driver 267.95 (Version: 267.95)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6795)
PC Connectivity Solution 64-bit components (Version: 6.23.9.0)
PDF-Viewer (Version: 2.5.201.0)
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PureSync (x32 Version: 3.7.6)
PureSync 3.7.6 (x32 Version: 3.7.6)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6378)
Recovery Manager (x32 Version: 5.5.0.4320)
Remote Graphics Receiver (x32 Version: 5.4.5)
Skype™ 5.10 (x32 Version: 5.10.116)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
VIP Access SDK (1.0.1.4) (x32 Version: 1.0.1.4)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Vodafone Mobile Broadband (x32 Version: 10.2.103.31248)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Searchqu Toolbar (x32 Version: 3.0.0.115676)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)
Zinio Reader 4 (x32 Version: 4.2.4164)
==================== Restore Points =========================
Could not list Restore Points.
==================== Hosts content: ==========================
2009-07-14 04:34 - 2012-04-18 19:02 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\DigitalSite.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002Core.job => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1637889394-955452023-4095234677-1002UA.job => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/28/2013 01:51:30 PM) (Source: Application Hang) (User: )
Description: Programm Updater.exe, Version 1.0.2.48 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 490
Startzeit: 01cebc40ea06375a
Endzeit: 2
Anwendungspfad: C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
Berichts-ID:
Error: (09/28/2013 01:23:21 PM) (Source: Application Hang) (User: )
Description: Programm msiexec.exe, Version 5.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c2c
Startzeit: 01cebc3d058b1779
Endzeit: 2
Anwendungspfad: C:\Windows\SysWOW64\msiexec.exe
Berichts-ID: 5914f079-2830-11e3-b0c6-bc054305c3e5
Error: (09/28/2013 00:01:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/25/2013 11:05:52 PM) (Source: VmbService) (User: )
Description: GetClient
Error: (09/25/2013 11:03:59 PM) (Source: Application Hang) (User: )
Description: Programm iTunes.exe, Version 10.7.0.21 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 155c
Startzeit: 01ceba293ed02739
Endzeit: 29162
Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
Berichts-ID:
Error: (09/25/2013 11:02:25 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2380
Startzeit: 01ceba32789067a4
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: c1caa2dd-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:43 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2030
Startzeit: 01ceba31ed6bedc3
Endzeit: 11
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: 3ffff178-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:00 PM) (Source: Application Hang) (User: )
Description: Programm designer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11a0
Startzeit: 01ceba31ad705c3d
Endzeit: 12
Anwendungspfad: C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe
Berichts-ID: 23074a30-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:41:02 PM) (Source: Application Hang) (User: )
Description: Programm PicasaPhotoViewer.exe, Version 3.9.136.20 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f88
Startzeit: 01ceba2f7c4fb3c2
Endzeit: 4
Anwendungspfad: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
Berichts-ID: c82dc8b0-2622-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:12:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47127
System errors:
=============
Error: (09/28/2013 06:42:53 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error: (09/25/2013 11:05:53 PM) (Source: Application Popup) (User: )
Description: Treiber USB hat eine ungültige ID für das untergeordnete Gerät (09020000000111436600000298) zurückgegeben.
Error: (09/25/2013 10:58:16 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error: (09/25/2013 10:23:41 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:22:11 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:21:13 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:20:15 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:19:16 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:18:18 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (09/25/2013 10:16:00 PM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/28/2013 01:51:30 PM) (Source: Application Hang)(User: )
Description: Updater.exe1.0.2.4849001cebc40ea06375a2C:\ProgramData\WildTangent\WildTangent Games\App\Update\Updater.exe
Error: (09/28/2013 01:23:21 PM) (Source: Application Hang)(User: )
Description: msiexec.exe5.0.7601.175141c2c01cebc3d058b17792C:\Windows\SysWOW64\msiexec.exe5914f079-2830-11e3-b0c6-bc054305c3e5
Error: (09/28/2013 00:01:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (09/25/2013 11:05:52 PM) (Source: VmbService)(User: )
Description: GetClient
Error: (09/25/2013 11:03:59 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.7.0.21155c01ceba293ed0273929162C:\Program Files (x86)\iTunes\iTunes.exe
Error: (09/25/2013 11:02:25 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.0238001ceba32789067a411C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exec1caa2dd-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:43 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.0203001ceba31ed6bedc311C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe3ffff178-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:58:00 PM) (Source: Application Hang)(User: )
Description: designer.exe0.0.0.011a001ceba31ad705c3d12C:\Program Files (x86)\fotobuch.de\Designer 2.0\designer.exe23074a30-2625-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:41:02 PM) (Source: Application Hang)(User: )
Description: PicasaPhotoViewer.exe3.9.136.20f8801ceba2f7c4fb3c24C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exec82dc8b0-2622-11e3-8e2b-001e101f63cf
Error: (09/25/2013 10:12:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47127
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 8172.83 MB
Available physical RAM: 5614.92 MB
Total Pagefile: 16343.85 MB
Available Pagefile: 13230.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:482.72 GB) (Free:414.49 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1367.19 GB) (Free:274.23 GB) NTFS
Drive r: (HP_RECOVERY) (Fixed) (Total:13.01 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-28 19:48:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MN6O 1863,02GB
Running: 8n831bpw.exe; Driver: C:\Users\Jolanda\AppData\Local\Temp\fxliqpod.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:3852] 0000000074ee7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:1916] 0000000066870cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:2100] 0000000076fc2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:6056] 0000000076fc3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:6140] 0000000076fc3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4928:5800] 0000000076fc3e85
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 78
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 717506
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d03c3c
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 78
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 717506
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d03c3c (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2013.09.08.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.10.9200.16686 XXXX:: YYYY[limited] Protection: Enabled 29.09.2013 14:11:02 mbam-log-2013-09-29 (14-11-02).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 198291 Time elapsed: 2 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter *
* avast! Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Prüfungsname: Schnelle Überprüfung
* Start: Sonntag, 29. September 2013 14:31:08
* VPS: 130928-1, 28.09.2013
*
Infizierte Dateien: 0
Dateien gesamt: 53273
Ordner gesamt: 41931
Gesamtgröße: 30,7 GB
*
* Prüfung beendet: Sonntag, 29. September 2013 14:36:58
* Laufzeit war 5 Minute(n), 50 Sekunde(n)
*
Der EU-Avira Cleaner scheint keine Logfiles zu schreiben. Zumindest habe ich keine gefunden. Danke und Gruß |
| Themen zu Angeblich Zero Access - außerdem PUP.Optional.Iminent.A |
| adblock, antivirus, avira, converter, desktop, diagnostics, entfernen, excel, farbar, farbar recovery scan tool, firefox, flash player, google, helper, hijack, homepage, imminent, msiexec.exe, netzwerk, object, officejet, plug-in, plugin, pup.optional.delta.a, pup.optional.iminent.a, registry, richtlinie, scan, software, stick, super, svchost.exe, tracker, trojaner, wildtangent games, zeroacces |
Baum-Darstellung