Log analysis and evaluation: Removing Spyhunter (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
09.10.2013, 11:51 | #1 |
| Removing Spyhunter Since I suddenly got 'Delta Homes', a search engine I had not installed, displayed as my start page and could not remove it, Google led me to a site that quite convincingly recommended Spyhunter for removing unwanted malware. How I curse myself now for not checking the program in other forums first! So I became suspicious after the scan, googled it and came across Friedrich23's topic 'spyhunter entfernen' ("removing Spyhunter") here. I then downloaded Malwarebytes Anti-Rootkit. I have attached the logs. Then I downloaded aswMBR.exe, log files also attached (I only saved the log files and did not press any fix button), and lastly I installed TDSS-Killer. So I followed the instructions that were given to Friedrich23, up to the point where the administrator suggested Combofix, which looked like a program one should probably not just install. Now I hope that someone here can help me with my problem. Unfortunately I can't make sense of the log files, and perhaps the solution looks completely different in my case? Unlike Friedrich23, I did not buy Spyhunter. Thank you for any help! I'm really at a loss. : / Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.28.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 saturn :: SATURN-PC [Administrator] Schutz: Aktiviert 28.09.2013 17:28:42 mbam-log-2013-09-28 (17-28-42).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 616707 Laufzeit: 3 Stunde(n), 43 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 2 C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> 1380 -> Löschen bei Neustart. C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1380 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 11 HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0F1H1TtGtCtH1M1R1H0StFzs -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=35e72046-7e17-45a8-b885-6b71e8133a77&searchtype=ds&q={searchTerms}&installDate=14/09/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=35e72046-7e17-45a8-b885-6b71e8133a77&searchtype=ds&q={searchTerms}&installDate=14/09/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=35e72046-7e17-45a8-b885-6b71e8133a77&searchtype=ds&q={searchTerms}&installDate=14/09/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=35e72046-7e17-45a8-b885-6b71e8133a77&searchtype=ds&q={searchTerms}&installDate=14/09/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 13 C:\Users\saturn\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\467D14BD07EE432F88A82C0813D13A9A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\672F9C2FF77B45C38DAE8149CFD7F14D (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\F66B177A3EFD4CB6B87A4EA36B22AD8F (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\OpenCandy_672F9C2FF77B45C38DAE8149CFD7F14D (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\337\libcef (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123 (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 53 C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> Löschen bei Neustart. C:\$Recycle.Bin\S-1-5-21-2829833523-3526886384-908469177-1001\$RARXW0O.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMTLib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe Encore CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe Media Encoder CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Adobe\Adobe Premiere Pro CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Audition CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Bridge CS6\AMTLib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Adobe\Adobe Fireworks CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Flash CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe InDesign CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\Adobe Prelude CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Adobe\CS3\KEYGEN Adobe Photoshop CS3 Extended\Adobe Photoshop CS3 Keygen.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\eUpdate\E0D4959B26E8451785621335547C84A4\delta-homes.exe (PUP.Optional.Elex) -> Löschen bei Neustart. C:\Users\saturn\Desktop\Adobe CS6 Master Collection\Acrobat 11\adobe.acrobat.xi.pro.patch-MPT.7z (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Desktop\Adobe CS6 Master Collection\Acrobat 11\ADOBE_ACROBAT_XI_PRO_MULTI-XFORCE.rar (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Desktop\Adobe CS6 Master Collection\Acrobat 11\adobe.acrobat.xi.pro.patch-MPT\adobe.acrobat.xi.pro.patch-MPT\adobe.acrobat.xi.pro.patch-MPT.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Desktop\Adobe CS6 Master Collection\Cracks\Crack\Crack Adobe_CS6_amtlib.dll.rar (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\saturn\Desktop\Adobe CS6 Master Collection\Cracks\Crack\Crack Adobe_CS6_amtlib.dll\amtlib.dll\32-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Desktop\Adobe CS6 Master Collection\Cracks\Crack\Crack Adobe_CS6_amtlib.dll\amtlib.dll\64-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Desktop\Adobe-CS5-Crack\Crack.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Documents\notwendige Ordner\Arbeit\GooglePlayVectorLogoeps_downloader_by_Ventures101.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\FLV_Media_Player.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\GooglePlayVectorLogoeps_downloader_by_Ventures101.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\Setup(1).exe (PUP.Optional.MSILLauncher.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\Setup(2).exe (PUP.Optional.MSILLauncher.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\Setup.exe (PUP.Optional.MSILLauncher.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\sysrc_trial_6.21.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\VeohWebPlayer.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Löschen bei Neustart. 
C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\467D14BD07EE432F88A82C0813D13A9A\3204.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\467D14BD07EE432F88A82C0813D13A9A\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\467D14BD07EE432F88A82C0813D13A9A\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\467D14BD07EE432F88A82C0813D13A9A\speedupmypcROW.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\672F9C2FF77B45C38DAE8149CFD7F14D\IESwitch_p1v5.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\F66B177A3EFD4CB6B87A4EA36B22AD8F\driverscannerROW.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\AppData\Roaming\OpenCandy\F66B177A3EFD4CB6B87A4EA36B22AD8F\driverscannerROW_p2v0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\saturn\AppData\Roaming\OpenCandy\F66B177A3EFD4CB6B87A4EA36B22AD8F\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak (PUP.Optional.337Technologies.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
09.10.2013, 17:04 | #2 | |
/// TB Trainer | Removing Spyhunter My name is Matthias and I will help you clean up your computer. Please note the following:
Illegal software is probably being used on your computer: Quote:
As soon as you have removed all illegal software, we can continue with the cleanup. However, should I then discover something again, that is the end of it. Please read: Cracks, keygens and other illegal software |
09.10.2013, 17:39 | #3 |
| Removing Spyhunter Hello Matthias!
Thank you for your help! How bad does it look? A friend installed the entire Creative Suite for me back then, since I need it for my studies (architecture) and cannot afford to install all the programs I need. I was pretty happy when he offered to install the programs for me. Do I have to uninstall them for you to help me? I would have liked to keep them. Without Photoshop, InDesign and Illustrator I'm pretty much stuck. |
09.10.2013, 18:13 | #4 | |
/// TB Trainer | Removing Spyhunter Hi, it doesn't seem to be too bad (judging by the first log files I have seen). A cleanup is possible. Quote:
We will clean up your computer, and during the cleanup I will, where applicable, point out programs to you that do not appear to be legal. Also, I am not sure whether all your Adobe products still work properly, since MBAM has already removed something. Here is how to start: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
09.10.2013, 18:31 | #5 |
| Removing Spyhunter Thank you very much! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by saturn (administrator) on SATURN-PC on 09-10-2013 19:22:11 Running from C:\Users\saturn\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe () C:\Users\saturn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hobbyist Software) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe () C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe (Dropbox, Inc.) C:\Users\saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-08] (Google Inc.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKCU\...\Run: [Spotify Web Helper] - C:\Users\saturn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-02] () HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Hobbyist Software VLC Streamer] - C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1608008 2013-08-19] (Hobbyist Software) HKCU\...\Run: [Google Update] - C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.) MountPoints2: E - E:\LaunchU3.exe -a MountPoints2: {177163e2-c004-11e0-abe4-705ab64bb5bd} - E:\AutoRun.exe MountPoints2: {177163e7-c004-11e0-abe4-705ab64bb5bd} - E:\AutoRun.exe MountPoints2: {a1515f12-1363-11e1-86b2-705ab64bb5bd} - G:\LaunchU3.exe -a HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [258560 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.) HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2011-10-17] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.) HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-01-15] () AppInit_DLLs: [0 ] () Startup: C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://de.search-results.com/?l=dis&o=41648036 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444 URLSearchHook: (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=sc&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223001 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms} SearchScopes: HKLM - 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=35e72046-7e17-45a8-b885-6b71e8133a77&searchtype=ds&q={searchTerms}&installDate=14/09/2013 SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://asa05.lrz.de/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default
FF user.js: detected! => C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\user.js
FF NewTab: hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=nt&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444
FF DefaultSearchEngine: delta-homes
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\saturn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\saturn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\saturn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\saturn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\saturn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Print pages to PDF - C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\Extensions\printPages2Pdf@reinhold.ripper
FF Extension: pdfforge - C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\Extensions\pdfforge@mybrowserbar.com
FF Extension: No Name - C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223001
CHR RestoreOnStartup: "hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223001"
CHR DefaultSearchURL: (delta-homes) - hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380223003&type=default&q={searchTerms}
CHR DefaultSuggestURL: (delta-homes) - "suggest_url": ""
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (YouTube) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0
CHR Extension: (DivX HiQ) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0
CHR Extension: (Gmail) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [866336 2010-03-17] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [78536 2011-06-23] (Macrovision )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-06] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 cpuz132; \??\C:\Users\saturn\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
U2 wuaserv;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-09 19:21 - 2013-10-09 19:21 - 00000000 ____D C:\FRST
2013-10-09 19:20 - 2013-10-09 19:20 - 01954124 _____ (Farbar) C:\Users\saturn\Downloads\FRST64.exe
2013-10-09 13:27 - 2012-12-13 19:49 - 00000000 ____D C:\Users\saturn\Downloads\Photoshop 'amtlib.dll' 32bit and 64bit fix
2013-10-09 13:27 - 2012-12-13 19:49 - 00000000 ____D C:\Users\saturn\Desktop\fix
2013-10-08 20:04 - 2013-10-08 20:04 - 00001795 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-08 20:03 - 2013-10-08 20:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-08 20:03 - 2013-10-08 20:04 - 00000000 ____D C:\Program Files\iTunes
2013-10-08 20:03 - 2013-10-08 20:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files\iPod
2013-10-08 20:00 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-08 20:00 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-08 20:00 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-08 20:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 20:00 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 20:00 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 20:00 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 20:00 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 20:00 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 20:00 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 20:00 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 20:00 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-08 20:00 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-08 20:00 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-08 20:00 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-08 20:00 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-08 20:00 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 20:00 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 20:00 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 20:00 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 20:00 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 20:00 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 20:00 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 20:00 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 20:00 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 20:00 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 20:00 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 20:00 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 20:00 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 20:00 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 20:00 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 20:00 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 20:00 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 20:00 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-08 20:00 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-08 20:00 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 20:00 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-08 20:00 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 20:00 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 20:00 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 20:00 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-08 20:00 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 20:00 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 20:00 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 20:00 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 20:00 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-08 20:00 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-08 20:00 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-08 20:00 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 20:00 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 20:00 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 20:00 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 20:00 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 20:00 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 20:00 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 19:31 - 2013-10-08 19:31 - 99859239 _____ C:\Windows\SysWOW64\뎐b
2013-10-01 20:58 - 2013-10-01 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 14:35 - 2013-09-29 14:35 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-29 14:17 - 2013-09-29 14:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\saturn\Downloads\tdsskiller.exe
2013-09-29 12:54 - 2013-09-29 12:54 - 00001914 _____ C:\Users\saturn\Desktop\aswMBR.txt
2013-09-29 12:54 - 2013-09-29 12:54 - 00000512 _____ C:\Users\saturn\Desktop\MBR.dat
2013-09-29 11:36 - 2013-10-01 23:10 - 00003669 _____ C:\Windows\IE10_main.log
2013-09-28 22:26 - 2013-09-28 22:26 - 04745728 _____ (AVAST Software) C:\Users\saturn\Downloads\aswMBR.exe
2013-09-28 22:17 - 2013-10-09 12:13 - 00000280 _____ C:\Windows\setupact.log
2013-09-28 22:17 - 2013-09-28 22:17 - 00018294 _____ C:\Windows\PFRO.log
2013-09-28 22:17 - 2013-09-28 22:17 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 18:48 - 2013-09-28 18:48 - 00000000 ____D C:\Users\saturn\AppData\Roaming\eUpdate
2013-09-28 16:29 - 2013-09-28 16:29 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Malwarebytes
2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 16:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-28 16:24 - 2013-09-28 16:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\saturn\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-28 16:16 - 2013-09-28 16:16 - 98430869 _____ C:\Windows\SysWOW64\痢黹
2013-09-28 10:37 - 2013-09-28 10:37 - 00000000 _____ C:\autoexec.bat
2013-09-28 10:36 - 2013-09-28 10:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-28 10:35 - 2013-09-28 17:34 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-28 10:16 - 2013-09-28 10:16 - 98372650 _____ C:\Windows\SysWOW64\㮕휿
2013-09-21 15:48 - 2013-09-21 15:48 - 98547399 _____ C:\Windows\SysWOW64\ƾ鍗¥
2013-09-20 23:37 - 2013-09-20 23:37 - 00000000 ____D C:\Users\saturn\AppData\Local\AskPartnerNetwork
2013-09-15 18:11 - 2013-10-09 19:16 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA.job
2013-09-15 18:11 - 2013-10-09 18:19 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core.job
2013-09-15 18:11 - 2013-09-15 18:11 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA
2013-09-15 18:11 - 2013-09-15 18:11 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core
2013-09-15 17:37 - 2013-09-15 17:37 - 97671483 _____ C:\Windows\SysWOW64\
2013-09-14 14:30 - 2013-09-14 14:31 - 00000000 ____D C:\Users\saturn\Documents\Bluetooth(3.0)_Broadcom_6.3.0.6000_W7x64
2013-09-14 14:15 - 2013-09-26 21:17 - 00001480 _____ C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-09-13 20:18 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 20:17 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 20:17 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 20:17 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 20:17 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 20:17 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 20:17 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 20:17 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 20:17 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 20:17 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 20:17 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 20:17 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-13 20:06 - 2013-09-14 10:07 - 97519942 _____ C:\Windows\SysWOW64\潪핐L
2013-09-11 20:22 - 2013-09-11 20:22 - 97170353 _____ C:\Windows\SysWOW64\䐁뾟

==================== One Month Modified Files and Folders =======

2013-10-09 19:21 - 2013-10-09 19:21 - 00000000 ____D C:\FRST
2013-10-09 19:20 - 2013-10-09 19:20 - 01954124 _____ (Farbar) C:\Users\saturn\Downloads\FRST64.exe
2013-10-09 19:19 - 2010-10-26 21:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 19:18 - 2010-11-04 19:11 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Skype
2013-10-09 19:16 - 2013-09-15 18:11 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA.job
2013-10-09 18:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-10-09 18:49 - 2013-02-03 06:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 18:22 - 2010-08-31 05:39 - 00711466 _____ C:\Windows\system32\perfh007.dat
2013-10-09 18:22 - 2010-08-31 05:39 - 00154420 _____ C:\Windows\system32\perfc007.dat
2013-10-09 18:22 - 2009-07-14 07:13 - 01652222 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 18:19 - 2013-09-15 18:11 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core.job
2013-10-09 18:19 - 2010-08-30 19:47 - 01841997 _____ C:\Windows\WindowsUpdate.log
2013-10-09 12:25 - 2011-11-12 13:30 - 00000000 ____D C:\Users\saturn\AppData\Local\DDEBD4B5-9B42-4244-A53F-90AEF2922E2B.aplzod
2013-10-09 12:24 - 2010-10-26 19:09 - 00000000 ____D C:\Users\saturn\AppData\Local\Adobe
2013-10-09 12:24 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 12:24 - 2009-07-14 06:45 - 00009920 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-09 12:19 - 2010-10-26 21:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-09 12:18 - 2011-07-30 20:12 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Dropbox 2013-10-09 12:16 - 2011-07-30 20:15 - 00000000 ___RD C:\Users\saturn\Dropbox 2013-10-09 12:13 - 2013-09-28 22:17 - 00000280 _____ C:\Windows\setupact.log 2013-10-09 12:13 - 2012-01-03 12:51 - 00131072 _____ C:\Windows\system32\Ikeext.etl 2013-10-09 12:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-09 12:13 - 2009-07-14 06:45 - 05131600 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-08 23:19 - 2010-04-26 07:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-08 23:16 - 2013-03-13 15:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-08 23:16 - 2013-03-13 15:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-08 23:14 - 2011-11-14 22:21 - 01630116 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-08 20:21 - 2013-08-19 20:54 - 00002503 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-10-08 20:04 - 2013-10-08 20:04 - 00001795 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-08 20:04 - 2013-10-08 20:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-08 20:04 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files\iTunes 2013-10-08 20:04 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files\iPod 2013-10-08 19:49 - 2013-02-03 06:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 19:49 - 2013-02-03 06:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-08 19:49 - 2013-02-03 06:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-08 19:31 - 2013-10-08 19:31 - 99859239 _____ 
C:\Windows\SysWOW64\뎐b 2013-10-08 19:28 - 2012-04-26 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 23:10 - 2013-09-29 11:36 - 00003669 _____ C:\Windows\IE10_main.log 2013-10-01 23:08 - 2013-10-01 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 23:08 - 2011-05-21 17:38 - 00000000 ____D C:\Users\saturn\AppData\Local\Mozilla 2013-09-29 14:35 - 2013-09-29 14:35 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-09-29 14:17 - 2013-09-29 14:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\saturn\Downloads\tdsskiller.exe 2013-09-29 12:54 - 2013-09-29 12:54 - 00001914 _____ C:\Users\saturn\Desktop\aswMBR.txt 2013-09-29 12:54 - 2013-09-29 12:54 - 00000512 _____ C:\Users\saturn\Desktop\MBR.dat 2013-09-28 22:26 - 2013-09-28 22:26 - 04745728 _____ (AVAST Software) C:\Users\saturn\Downloads\aswMBR.exe 2013-09-28 22:17 - 2013-09-28 22:17 - 00018294 _____ C:\Windows\PFRO.log 2013-09-28 22:17 - 2013-09-28 22:17 - 00000000 _____ C:\Windows\setuperr.log 2013-09-28 22:17 - 2013-08-24 18:14 - 00000000 ____D C:\ProgramData\eSafe 2013-09-28 21:38 - 2012-11-13 08:29 - 00000000 ____D C:\Users\saturn\Desktop\Adobe-CS5-Crack 2013-09-28 18:48 - 2013-09-28 18:48 - 00000000 ____D C:\Users\saturn\AppData\Roaming\eUpdate 2013-09-28 17:54 - 2010-10-26 21:00 - 00000000 ____D C:\Users\saturn\AppData\Local\CrashDumps 2013-09-28 17:34 - 2013-09-28 10:35 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP 2013-09-28 16:29 - 2013-09-28 16:29 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Malwarebytes 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 16:24 - 2013-09-28 16:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\saturn\Downloads\mbam-setup-1.75.0.1300.exe 
2013-09-28 16:16 - 2013-09-28 16:16 - 98430869 _____ C:\Windows\SysWOW64\痢黹 2013-09-28 10:37 - 2013-09-28 10:37 - 00000000 _____ C:\autoexec.bat 2013-09-28 10:36 - 2013-09-28 10:36 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-09-28 10:17 - 2011-05-21 17:38 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Mozilla 2013-09-28 10:16 - 2013-09-28 10:16 - 98372650 _____ C:\Windows\SysWOW64\㮕휿 2013-09-26 21:17 - 2013-09-14 14:15 - 00001480 _____ C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2013-09-21 15:48 - 2013-09-21 15:48 - 98547399 _____ C:\Windows\SysWOW64\ƾ鍗¥ 2013-09-20 23:37 - 2013-09-20 23:37 - 00000000 ____D C:\Users\saturn\AppData\Local\AskPartnerNetwork 2013-09-20 23:37 - 2010-10-26 19:22 - 00000000 ____D C:\Users\saturn\AppData\Local\Google 2013-09-15 18:11 - 2013-09-15 18:11 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA 2013-09-15 18:11 - 2013-09-15 18:11 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core 2013-09-15 17:37 - 2013-09-15 17:37 - 97671483 _____ C:\Windows\SysWOW64\ 2013-09-14 18:09 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-14 18:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-09-14 14:31 - 2013-09-14 14:30 - 00000000 ____D C:\Users\saturn\Documents\Bluetooth(3.0)_Broadcom_6.3.0.6000_W7x64 2013-09-14 14:17 - 2013-08-24 18:15 - 00000000 ____D C:\Users\saturn\AppData\Roaming\player 2013-09-14 13:51 - 2011-01-15 20:59 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-09-14 10:49 - 2010-10-23 13:45 - 00000000 ___RD C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-14 10:49 - 2010-10-23 13:45 - 00000000 ___RD C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-14 10:07 - 2013-09-13 20:06 - 97519942 _____ C:\Windows\SysWOW64\潪핐L 
2013-09-14 03:10 - 2013-10-08 20:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-09-11 20:22 - 2013-09-11 20:22 - 97170353 _____ C:\Windows\SysWOW64\䐁뾟 Files to move or delete: ==================== C:\ProgramData\PKP_DLbz.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\saturn\AppData\Local\Temp\Quarantine.exe C:\Users\saturn\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 22:27 ==================== End Of Log ============================
and the addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by saturn at 2013-10-09 19:24:02 Running from C:\Users\saturn\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32) 7-Zip 9.20 (x32) Adobe Acrobat XI Pro (x32 Version: 11.0.00) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Anchor Service CS4 (x32 Version: 2.0) Adobe Anchor Service x64 CS4 (Version: 2.0) Adobe Bridge CS4 (x32 Version: 3) Adobe CMaps CS4 (x32 Version: 2.0) Adobe CMaps x64 CS4 (Version: 2.0) Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0) Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0) Adobe Color JA Extra Settings CS4 (x32 Version: 2.0) Adobe Color NA Extra Settings CS4 (x32 Version: 2.0) Adobe Color Video Profiles CS CS4 (x32 Version: 2.0) Adobe Creative Suite 6 Master Collection (x32 Version: 6) Adobe CSI CS4 (x32 Version: 1) Adobe CSI CS4 x64 (Version: 1) Adobe Default Language CS4 (x32 Version: 2.0) Adobe Device Central CS4 (x32 Version: 2) Adobe Download Assistant (x32 Version: 1.0.6) Adobe Drive CS4 (x32 Version: 1) Adobe Drive CS4 x64 (Version: 1) Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0) Adobe Extension Manager CS4 (x32 Version: 2.0) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Fonts All (x32 Version: 2.0) Adobe Fonts All x64 (Version: 2.0) Adobe Help Manager (x32 Version: 4.0.244) Adobe Linguistics CS4 (x32 Version: 4.0.0) Adobe Linguistics CS4 x64 (Version: 4.0.0) Adobe Output Module (x32 Version: 2.0) Adobe PDF Library Files CS4 (x32 Version: 9.0) Adobe PDF
Library Files x64 CS4 (Version: 9.0) Adobe Photoshop CS4 (64 Bit) (Version: 11.0) Adobe Photoshop CS4 (x32 Version: 11.0) Adobe Photoshop CS4 Support (x32 Version: 11.0) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Search for Help (x32 Version: 1.0) Adobe Service Manager Extension (x32 Version: 1.0) Adobe Setup (x32 Version: 2.0) Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133) Adobe Type Support CS4 (x32 Version: 9.0) Adobe Type Support x64 CS4 (Version: 9.0) Adobe Update Manager CS4 (x32 Version: 6.0.0) Adobe WinSoft Linguistics Plugin (x32 Version: 1.1) Adobe WinSoft Linguistics Plugin x64 (Version: 1.1) Adobe XMP Panels CS4 (x32 Version: 2.0) AdobeColorCommonSetCMYK (x32 Version: 2.0) Advertising Center (x32 Version: 0.0.0.2) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) AutoCAD 2011 - Deutsch (Version: 18.1.49.0) AutoCAD 2011 Language Pack - Deutsch (Version: 18.1.49.0) Autodesk 3ds Max 2012 64-bit - German (Version: 14.0) Autodesk Backburner 2012.0.0 (x32 Version: 2012.0.0) Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49) Autodesk Material Library 2012 (x32 Version: 2.5.0.8) Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8) Autodesk Material Library Medium Resolution Image Library 2012 (x32 Version: 2.5.0.8) Avira Free Antivirus (x32 Version: 13.0.0.4052) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) Backup Manager Basic (x32 Version: 2.0.0.60) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82) bl (x32 Version: 1.0.0) Blasterball 3 (x32 Version: 2.2.0.82) Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82) Bonjour (Version: 3.0.0.10) Broadcom Gigabit NetLink Controller (Version: 12.52.04) Build-a-lot 2 (x32 Version: 2.2.0.82) CCleaner (Version: 4.04) Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82) 
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Composite 2012 64-bit (Version: 7.0.0) Connect (x32 Version: 1.0.0.1) DivX-Setup (x32 Version: 2.5.0.8) DMUninstaller (x32) Dropbox (HKCU Version: 2.0.22) EPSON Scan (x32) Escape Rosecliff Island (x32 Version: 2.2.0.82) Faerie Solitaire (x32 Version: 2.2.0.82) FARO LS 1.1.406.58 (x32 Version: 4.6.58.2) FileZilla Client 3.5.1 (x32 Version: 3.5.1) FlipBook Maker 3.6.8 (x32 Version: 3.6.8) Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212) Google Chrome (x32 Version: 30.0.1599.69) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Talk Plugin (x32 Version: 4.7.0.15362) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54) Google Update Helper (x32 Version: 1.3.21.153) iCloud (Version: 3.0.2.163) Identity Card (x32 Version: 1.00.3003) ImagXpress (x32 Version: 7.0.74.0) Insaniquarium Deluxe (x32 Version: 2.2.0.82) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007) iTunes (Version: 11.1.1.11) Java 7 Update 17 (64-bit) (Version: 7.0.170) Jewel Quest (x32 Version: 2.2.0.82) Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82) Junk Mail filter update (x32 Version: 14.0.8089.726) K-Lite Mega Codec Pack 7.6.0 (x32 Version: 7.6.0) kuler (x32 Version: 2.0) Launch Manager (x32 Version: 4.0.8) Mahjongg Artifacts (x32 Version: 2.2.0.82) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft .NET Framework 1.1 German Language Pack (x32 Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft 
.NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft 
Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32) Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731) Microsoft Report Viewer Redistributable 2008 (KB971119) (x32) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero 9 Essentials (x32) Nero ControlCenter (x32 Version: 9.0.0.1) Nero DiscSpeed (x32 Version: 5.4.13.100) Nero DiscSpeed Help (x32 Version: 5.4.4.100) Nero DriveSpeed (x32 Version: 4.4.12.100) Nero DriveSpeed Help (x32 Version: 4.4.4.100) Nero Express Help (x32 Version: 9.6.2.101) Nero InfoTool (x32 Version: 6.4.12.100) Nero InfoTool Help (x32 Version: 6.4.4.100) Nero Installer (x32 Version: 4.4.9.0) Nero Online Upgrade (x32 Version: 1.3.0.0) Nero StartSmart (x32 Version: 9.4.37.100) Nero StartSmart Help (x32 Version: 9.4.27.100) Nero StartSmart OEM (x32 Version: 9.4.10.100) NeroExpress (x32 Version: 9.4.33.100) neroxml (x32 Version: 1.0.0) Nikon Message Center 2 (x32 Version: 2.1.0) NVIDIA Drivers (Version: 1.10.59.37) NVIDIA Updatus (x32 Version: 1.0.3) Packard Bell Game Console (x32) Packard Bell Games (x32 Version: 1.0.0.80) Packard Bell InfoCentre (x32 Version: 3.02.3000) Packard Bell MyBackup (x32 Version: 2.0.0.60) Packard Bell 
Power Management (x32 Version: 5.00.3003) Packard Bell Recovery Management (x32 Version: 4.05.3011) Packard Bell Registration (x32 Version: 1.03.3002) Packard Bell ScreenSaver (x32 Version: 1.1.0414.2010) Packard Bell Social Networks (x32 Version: 1.0.1517) Packard Bell Updater (x32 Version: 1.02.3001) PDF Reader (HKCU) PDF Settings CS4 (x32 Version: 9.0) PDF Settings CS6 (x32 Version: 11.0) PDFCreator (x32 Version: 1.0.2) pdfforge Toolbar v7.6 (x32 Version: 7.6) Penguins! (x32 Version: 2.2.0.82) ph (x32 Version: 1.0.0) Photoshop Camera Raw (x32 Version: 5.0) Photoshop Camera Raw_x64 (Version: 5.0) Picture Control Utility (x32 Version: 1.4.3) Polar Bowler (x32 Version: 2.2.0.82) Polar Golfer (x32 Version: 2.2.0.82) Polar Pool (x32 Version: 2.2.0.82) QuickTime (x32 Version: 7.74.80.86) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113) Rhino RDK (x32) Rhinoceros 4.0 (x32 Version: 4.0.20118) SketchUp 8 (x32 Version: 3.0.16944) Skype™ 6.6 (x32 Version: 6.6.106) Spotify (HKCU Version: 0.8.4.107.g4fa0003f) Suite Shared Configuration CS4 (x32 Version: 1.0) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 14.0.19.0) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) 
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0) Vectorworks 2012 Hilfe (x32 Version: 1.0) Video Web Camera (x32 Version: 2.0.3.3) Virtual Families (x32 Version: 2.2.0.82) Virtual Villagers - A New Home (x32 Version: 2.2.0.82) VLC media player 2.0.0 (x32 Version: 2.0.0) VLC Streamer 4.15 (x32) V-Ray for Rhinoceros 4.0 (x32 Version: 1.00.0000) Welcome Center (x32 Version: 1.01.3002) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) 
Windows Live Fotogalerie (x32 Version: 14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Yahtzee (x32 Version: 2.2.0.82) Zuma Deluxe (x32 Version: 2.2.0.82) ==================== Restore Points ========================= 19-09-2013 22:15:32 Windows Update 20-09-2013 21:38:48 Windows Update 21-09-2013 21:31:36 Windows Update 26-09-2013 22:16:44 Windows Update 28-09-2013 08:35:51 Installed SpyHunter 28-09-2013 15:30:38 Removed SpyHunter 29-09-2013 09:34:44 Windows Update 29-09-2013 21:51:12 Windows Update 01-10-2013 21:09:17 Windows Update 08-10-2013 17:59:23 Windows Update 08-10-2013 20:59:26 Windows Update ==================== Hosts content: ========================== 2013-02-01 11:08 - 2013-04-05 06:20 - 00004281 ____A C:\Windows\system32\Drivers\etc\hosts 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.164 asa04.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.165 asa05.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.40 asa01.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.163 asa03.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.164 asa04.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.165 asa05.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 
asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de There are 74 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {1C09DFB7-D82B-46C5-8DF2-D62124988980} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {2DD05681-42E4-47DE-BDB6-09790B2B7AFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core => C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.) Task: {374B69E4-BFCB-4BB3-A84E-DF3999DBA0E2} - System32\Tasks\AdobeAAMUpdater-1.0-saturn-PC-saturn => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {41815D00-A2C0-44D5-9451-FB324EFFDE1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {44AB9E03-64E9-4F93-A47F-5178AFE0A221} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe Task: {54A8D289-3810-43A2-892B-761511BCB84A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated) Task: {62ADAD9B-0AB3-4B40-BFD6-E78BA40B5C07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA => C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.) Task: {64920CF9-244A-4F04-9041-7B3A85AE97D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9CB5BD02-5976-4BAD-AE72-90A29231BE80} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe Task: {D98D2AC1-8A67-46AC-9ACC-2124E7CAD10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.) 
Task: {F959BDDC-E0C2-4352-A4C6-A56D089289A3} - System32\Tasks\{CF72507C-65E1-47AC-8241-7F5F7140C4AF} => C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe Task: {FBF55C94-8C9C-4F45-8267-52B03EBFDA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core.job => C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA.job => C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-08-06 23:50 - 2013-08-06 23:44 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll 2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll 2010-04-26 06:55 - 2009-12-24 02:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\saturn\AppData\Roaming\Dropbox\bin\libcef.dll 2010-04-26 07:37 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-10-01 20:58 - 2013-10-01 20:59 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-10-08 19:49 - 2013-10-08 19:49 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll 2011-08-28 23:19 - 2011-08-28 23:19 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2012-09-23 14:43 - 2012-09-23 14:43 - 03989656 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll 2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2012-09-23 14:43 - 2012-09-23 14:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\sqlite.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Program Files\Common Files\System:NIP5s98bg3RLqexCIr2GE10bNx58 AlternateDataStreams: C:\ProgramData\Microsoft:0wCA5dfu4z8oRyENgGrlNqSR AlternateDataStreams: C:\ProgramData\Microsoft:S9pQTypQBvDE9sVMFIk AlternateDataStreams: C:\Users\saturn\AppData\Local\Temp:1IeW9beUZjw2GZAiQ12BUfAv ==================== Safe Mode (whitelisted) 
=================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/09/2013 06:18:44 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4946683 Error: (10/09/2013 06:18:44 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4946683 Error: (10/09/2013 06:18:44 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2013 06:18:43 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4945669 Error: (10/09/2013 06:18:43 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4945669 Error: (10/09/2013 06:18:43 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2013 06:18:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4944670 Error: (10/09/2013 06:18:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4944670 Error: (10/09/2013 06:18:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/09/2013 06:18:41 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 4943641 System errors: ============= Error: (10/09/2013 00:18:31 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070006 Error: (10/09/2013 00:17:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/09/2013 00:17:14 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SSDP-Suche erreicht. Error: (10/09/2013 00:11:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023544. Error: (10/09/2013 00:11:20 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT-AUTORITÄT) Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147943752. Error: (10/08/2013 10:58:14 PM) (Source: DCOM) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (10/08/2013 07:36:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (10/08/2013 07:34:23 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070006 Error: (10/08/2013 07:33:19 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error: (10/08/2013 07:32:18 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (10/04/2012 09:59:21 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16346 seconds with 1800 seconds of active time. This session ended with a crash. 
Error: (01/09/2012 00:02:54 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/12/2011 11:41:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2796 seconds with 1740 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 66% Total physical RAM: 3958.71 MB Available physical RAM: 1316.71 MB Total Pagefile: 7915.6 MB Available Pagefile: 4469.95 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:451.99 GB) (Free:103.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C53C334E) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
09.10.2013, 18:37 | #6 |
/// TB-Ausbilder | Remove Spyhunter
Hi,
Step 1 Remove SpyHunter
The following file will help you uninstall the program completely:
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please shut down your security software to avoid possible conflicts.
Step 4 Please download Malwarebytes Anti-Malware
In your next reply, please post
|
09.10.2013, 19:39 | #7 |
| Remove Spyhunter So: spyhunterkiller reports that SpyHunter is not running. Avira warned me about AdwCleaner and wanted to move it to quarantine. (I have ignored that for now.) AdwCleaner log file: Code:
ATTFilter # AdwCleaner v3.007 - Bericht erstellt am 09/10/2013 um 19:48:30 # Updated 09/10/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : saturn - SATURN-PC # Gestartet von : C:\Users\saturn\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : Application Updater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Program Files (x86)\Application Updater Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\optimizer pro Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar Ordner Gelöscht : C:\Program Files (x86)\Common Files\337 Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot Ordner Gelöscht : C:\Users\saturn\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\saturn\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\saturn\AppData\Local\Temp\eIntaller Ordner Gelöscht : C:\Users\saturn\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\saturn\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\saturn\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\saturn\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\saturn\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\saturn\AppData\Roaming\eUpdate Datei Gelöscht : C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\Extensions\pdfforge@mybrowserbar.com Datei Gelöscht : C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\invalidprefs.js Datei Gelöscht : C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\searchplugins\Askcom.xml Datei Gelöscht : 
C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\user.js Datei Gelöscht : C:\Windows\System32\Tasks\LaunchApp ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Contact.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\Users\saturn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\saturn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\saturn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-illustrator_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-illustrator_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamster-free-video-converter_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamster-free-video-converter_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
[{B922D405-6D13-4A2B-AE89-08A030DA4402}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\smartbar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Zugo Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\Application Updater Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware Schlüssel Gelöscht : HKLM\Software\Desksvc Schlüssel Gelöscht : HKLM\Software\eSafeSecControl Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\pdfforge Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16618 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : 
HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\prefs.js ] Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=nt&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST9500325AS_5VEC63E5XXXX5VEC63E5&ts=1380382444"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.babExt", ""); Zeile gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=110141"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 3); Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "dc2df727000000000000701a04ebf85d"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15432"); Zeile gelöscht : 
user_pref("extensions.BabylonToolbar.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 3); Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1722:12:57"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 72010202); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1722:12:57"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=171011_prot~171011_prot"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "dc2df727000000000000701a04ebf85d"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "dc2df727000000000000701a04ebf85d"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15435"); Zeile gelöscht : 
user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=171011_prot~171011_prot&babsrc=NT_ss&mntrId=dc2df727000000000000701a04ebf85d"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:56:16"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.id", "dc2df727000000000000701a04ebf85d"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15941"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile 
gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.618:14:35"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120524&tt=200813_246&tsp=4984"); Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); -\\ Google Chrome v30.0.1599.69 [ Datei : C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage Gelöscht : search_url Gelöscht : keyword Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [30125 octets] - [09/10/2013 19:45:17] AdwCleaner[S0].txt - [26758 octets] - [09/10/2013 19:48:30] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26819 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.4 (10.06.2013:1) OS: Windows 7 Home Premium x64 Ran by saturn on 09.10.2013 at 20:03:31,79 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2829833523-3526886384-908469177-1001\Software\SweetIM Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" ~~~ FireFox Successfully deleted: [File] C:\user.js Emptied folder: C:\Users\saturn\AppData\Roaming\mozilla\firefox\profiles\v9f7wfnl.default\minidumps [280 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\saturn\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.10.2013 at 20:17:43,73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.09.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 saturn :: SATURN-PC [Administrator] Schutz: Aktiviert 09.10.2013 20:22:00 mbam-log-2013-10-09 (20-22-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215201 Laufzeit: 12 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\$Recycle.Bin\S-1-5-21-2829833523-3526886384-908469177-1001\$R80I84B.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-2829833523-3526886384-908469177-1001\$RKO0XSX.rar (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\saturn\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
10.10.2013, 18:18 | #8 | |
/// TB-Ausbilder | Removing Spyhunter Hi, Quote:
How is the computer running at the moment? Are there still any problems with malware? If so, which ones? Control scan with FRST Run a scan with FRST as described before. To do so, tick the Addition.txt box at the bottom right and click Scan. Two log files will be created again. Post them for me. |
14.10.2013, 13:12 | #9 |
/// TB-Ausbilder | Removing Spyhunter No response This thread has been removed from my subscriptions, so I will not receive notifications about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |
15.10.2013, 16:19 | #10 |
| Removing Spyhunter Hi Matthias! Did you get my message? Sorry, I only got back yesterday from a spontaneous weekend trip and had forgotten to write to you. However, here are the two log files: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by saturn (administrator) on SATURN-PC on 15-10-2013 17:12:39 Running from C:\Users\saturn\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe () C:\Users\saturn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hobbyist Software) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe () C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe (Dropbox, Inc.) C:\Users\saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
[39408 2012-10-08] (Google Inc.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) HKCU\...\Run: [Spotify Web Helper] - C:\Users\saturn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-02] () HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Hobbyist Software VLC Streamer] - C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1608008 2013-08-19] (Hobbyist Software) HKCU\...\Run: [Google Update] - C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.) MountPoints2: E - E:\LaunchU3.exe -a MountPoints2: {177163e2-c004-11e0-abe4-705ab64bb5bd} - E:\AutoRun.exe MountPoints2: {177163e7-c004-11e0-abe4-705ab64bb5bd} - E:\AutoRun.exe MountPoints2: {a1515f12-1363-11e1-86b2-705ab64bb5bd} - G:\LaunchU3.exe -a HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [258560 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2011-10-17] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-01-15] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-01-15] () AppInit_DLLs: [0 ] () Startup: C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\saturn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live \WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX \AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX \AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKLM-x32 - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX \AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://asa05.lrz.de/CACHE/stc/1/binaries/vpnweb.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\saturn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\saturn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\saturn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\saturn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\saturn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Print pages to PDF - C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\Extensions\printPages2Pdf@reinhold.ripper FF Extension: No Name - C:\Users\saturn\AppData\Roaming\Mozilla\Firefox\Profiles\v9f7wfnl.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchURL: (delta-homes) - hxxp://www.google.com CHR DefaultSuggestURL: (delta-homes) - "suggest_url": "" CHR Extension: (YouTube) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\saturn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj \11.0.0.379_0 CHR Extension: (DivX HiQ) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda \0.0.4.11_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions \nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0 CHR Extension: (Gmail) - C:\Users\saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) 
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [866336 2010-03-17] (Acer Incorporated) S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) S3 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [78536 2011-06-23] (Macrovision ) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-06] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 cpuz132; \??\C:\Users\saturn\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] S3 massfilter; system32\drivers\massfilter.sys [x] U2 wuaserv; S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-15 16:48 - 2013-10-15 16:48 - 101148298 _____ C:\Windows\SysWOW64\祊 2013-10-09 20:17 - 2013-10-09 20:17 - 00002021 _____ C:\Users\saturn\Desktop\JRT.txt 2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Windows\ERUNT 2013-10-09 20:02 - 2013-10-09 20:02 - 00027156 _____ C:\Users\saturn\Desktop\AdwCleaner[S0].txt 2013-10-09 20:01 - 2013-10-09 20:01 - 01032220 _____ (Thisisu) C:\Users\saturn\Downloads\JRT.exe 2013-10-09 19:45 - 2013-10-09 19:48 - 00000000 ____D C:\AdwCleaner 2013-10-09 19:43 - 2013-10-09 19:43 - 01048960 _____ C:\Users\saturn\Downloads\adwcleaner.exe 2013-10-09 19:41 - 2013-10-09 19:41 - 00464381 ____N C:\Users\saturn\Downloads\SpyHunterKiller.exe 2013-10-09 19:29 - 2013-10-09 19:29 - 00059723 _____ C:\Users\saturn\Desktop\FRST.txt 2013-10-09 19:27 - 2013-10-09 19:27 - 00029958 _____ C:\Users\saturn\Desktop\Addition.txt 2013-10-09 19:24 - 2013-10-09 19:25 - 00029958 _____ C:\Users\saturn\Downloads\Addition.txt 2013-10-09 19:21 - 2013-10-09 19:21 - 00000000 ____D C:\FRST 2013-10-09 19:20 - 2013-10-09 19:20 - 01954124 _____ (Farbar) C:\Users\saturn\Downloads\FRST64.exe 2013-10-09 13:27 - 2012-12-13 19:49 - 00000000 ____D C:\Users\saturn\Downloads\Photoshop 'amtlib.dll' 32bit and 64bit fix 2013-10-09 13:27 - 2012-12-13 19:49 - 00000000 ____D 
C:\Users\saturn\Desktop\fix 2013-10-08 20:04 - 2013-10-08 20:04 - 00001795 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-08 20:03 - 2013-10-08 20:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-08 20:03 - 2013-10-08 20:04 - 00000000 ____D C:\Program Files\iTunes 2013-10-08 20:03 - 2013-10-08 20:04 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files\iPod 2013-10-08 20:00 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-08 20:00 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-08 20:00 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-08 20:00 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-08 20:00 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-08 20:00 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-08 20:00 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-08 20:00 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-08 20:00 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-08 20:00 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-08 20:00 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-08 20:00 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-08 20:00 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-08 20:00 - 2013-08-29 04:16 - 00859648 _____ (Microsoft 
Corporation) C:\Windows\system32\tdh.dll 2013-10-08 20:00 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-08 20:00 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-08 20:00 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-08 20:00 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-08 20:00 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-08 20:00 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-08 20:00 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-08 20:00 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-08 20:00 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-08 20:00 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-08 20:00 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-08 20:00 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-08 20:00 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-08 20:00 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-08 20:00 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-08 20:00 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 20:00 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 20:00 - 2013-07-12 12:41 - 
00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-08 20:00 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-08 20:00 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys 2013-10-08 20:00 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-08 20:00 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-08 20:00 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-08 20:00 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-08 20:00 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-08 20:00 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-08 20:00 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-08 20:00 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-08 20:00 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-08 20:00 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-08 20:00 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-08 20:00 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-08 20:00 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-08 20:00 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-08 20:00 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-08 20:00 - 
2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-08 20:00 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-08 20:00 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-08 20:00 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-08 20:00 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-08 20:00 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-08 19:31 - 2013-10-08 19:31 - 99859239 _____ C:\Windows\SysWOW64\뎐b 2013-10-01 20:58 - 2013-10-01 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-29 14:35 - 2013-09-29 14:35 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-09-29 14:17 - 2013-09-29 14:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\saturn\Downloads\tdsskiller.exe 2013-09-29 12:54 - 2013-09-29 12:54 - 00001914 _____ C:\Users\saturn\Desktop\aswMBR.txt 2013-09-29 12:54 - 2013-09-29 12:54 - 00000512 _____ C:\Users\saturn\Desktop\MBR.dat 2013-09-29 11:36 - 2013-10-01 23:10 - 00003669 _____ C:\Windows\IE10_main.log 2013-09-28 22:26 - 2013-09-28 22:26 - 04745728 _____ (AVAST Software) C:\Users\saturn\Downloads\aswMBR.exe 2013-09-28 22:17 - 2013-10-15 16:47 - 00000560 _____ C:\Windows\setupact.log 2013-09-28 22:17 - 2013-10-09 20:36 - 00019922 _____ C:\Windows\PFRO.log 2013-09-28 22:17 - 2013-09-28 22:17 - 00000000 _____ C:\Windows\setuperr.log 2013-09-28 16:29 - 2013-09-28 16:29 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Malwarebytes 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 16:29 - 2013-04-04 
14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-28 16:24 - 2013-09-28 16:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\saturn\Downloads\mbam-setup- 1.75.0.1300.exe 2013-09-28 16:16 - 2013-09-28 16:16 - 98430869 _____ C:\Windows\SysWOW64\痢黹 2013-09-28 10:37 - 2013-09-28 10:37 - 00000000 _____ C:\autoexec.bat 2013-09-28 10:35 - 2013-09-28 17:34 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP 2013-09-28 10:16 - 2013-09-28 10:16 - 98372650 _____ C:\Windows\SysWOW64\㮕휿 2013-09-21 15:48 - 2013-09-21 15:48 - 98547399 _____ C:\Windows\SysWOW64\ƾ鍗¥ 2013-09-20 23:37 - 2013-09-20 23:37 - 00000000 ____D C:\Users\saturn\AppData\Local\AskPartnerNetwork 2013-09-15 18:11 - 2013-10-14 23:41 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA.job 2013-09-15 18:11 - 2013-10-14 23:41 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core.job 2013-09-15 18:11 - 2013-10-14 23:36 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA 2013-09-15 18:11 - 2013-10-14 23:36 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core 2013-09-15 17:37 - 2013-09-15 17:37 - 97671483 _____ C:\Windows\SysWOW64\ ==================== One Month Modified Files and Folders ======= 2013-10-15 17:09 - 2011-11-12 13:30 - 00000000 ____D C:\Users\saturn\AppData\Local\DDEBD4B5-9B42-4244-A53F-90AEF2922E2B.aplzod 2013-10-15 17:09 - 2010-11-04 19:11 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Skype 2013-10-15 17:08 - 2011-07-30 20:15 - 00000000 ___RD C:\Users\saturn\Dropbox 2013-10-15 17:08 - 2011-07-30 20:12 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Dropbox 2013-10-15 17:08 - 2010-10-26 21:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-15 17:08 - 2010-08-30 19:47 - 02057109 _____ 
C:\Windows\WindowsUpdate.log 2013-10-15 16:55 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-15 16:55 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-15 16:49 - 2013-02-03 06:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-15 16:48 - 2013-10-15 16:48 - 101148298 _____ C:\Windows\SysWOW64\祊 2013-10-15 16:47 - 2013-09-28 22:17 - 00000560 _____ C:\Windows\setupact.log 2013-10-15 16:47 - 2012-01-03 12:51 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-10-15 16:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-15 00:19 - 2010-10-26 21:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-14 23:41 - 2013-09-15 18:11 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA.job 2013-10-14 23:41 - 2013-09-15 18:11 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core.job 2013-10-14 23:36 - 2013-09-15 18:11 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA 2013-10-14 23:36 - 2013-09-15 18:11 - 00003704 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core 2013-10-14 15:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-10-14 14:34 - 2010-10-26 19:09 - 00000000 ____D C:\Users\saturn\AppData\Local\Adobe 2013-10-10 18:21 - 2010-08-31 05:39 - 00711466 _____ C:\Windows\system32\perfh007.dat 2013-10-10 18:21 - 2010-08-31 05:39 - 00154420 _____ C:\Windows\system32\perfc007.dat 2013-10-10 18:21 - 2009-07-14 07:13 - 01652222 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-09 22:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-09 20:36 - 2013-09-28 22:17 - 00019922 _____ 
C:\Windows\PFRO.log 2013-10-09 20:17 - 2013-10-09 20:17 - 00002021 _____ C:\Users\saturn\Desktop\JRT.txt 2013-10-09 20:03 - 2013-10-09 20:03 - 00000000 ____D C:\Windows\ERUNT 2013-10-09 20:02 - 2013-10-09 20:02 - 00027156 _____ C:\Users\saturn\Desktop\AdwCleaner[S0].txt 2013-10-09 20:01 - 2013-10-09 20:01 - 01032220 _____ (Thisisu) C:\Users\saturn\Downloads\JRT.exe 2013-10-09 19:48 - 2013-10-09 19:45 - 00000000 ____D C:\AdwCleaner 2013-10-09 19:48 - 2013-09-14 14:15 - 00001091 _____ C:\Users\saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2013-10-09 19:48 - 2013-08-19 20:54 - 00001298 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-10-09 19:43 - 2013-10-09 19:43 - 01048960 _____ C:\Users\saturn\Downloads\adwcleaner.exe 2013-10-09 19:41 - 2013-10-09 19:41 - 00464381 ____N C:\Users\saturn\Downloads\SpyHunterKiller.exe 2013-10-09 19:29 - 2013-10-09 19:29 - 00059723 _____ C:\Users\saturn\Desktop\FRST.txt 2013-10-09 19:27 - 2013-10-09 19:27 - 00029958 _____ C:\Users\saturn\Desktop\Addition.txt 2013-10-09 19:25 - 2013-10-09 19:24 - 00029958 _____ C:\Users\saturn\Downloads\Addition.txt 2013-10-09 19:21 - 2013-10-09 19:21 - 00000000 ____D C:\FRST 2013-10-09 19:20 - 2013-10-09 19:20 - 01954124 _____ (Farbar) C:\Users\saturn\Downloads\FRST64.exe 2013-10-09 12:13 - 2009-07-14 06:45 - 05131600 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-08 23:19 - 2010-04-26 07:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-08 23:16 - 2013-03-13 15:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-08 23:16 - 2013-03-13 15:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-08 23:14 - 2011-11-14 22:21 - 01630116 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-08 20:04 - 2013-10-08 20:04 - 00001795 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-08 20:04 - 2013-10-08 20:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-08 20:04 - 2013-10-08 20:03 - 00000000 ____D 
C:\Program Files\iTunes 2013-10-08 20:04 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-08 20:03 - 2013-10-08 20:03 - 00000000 ____D C:\Program Files\iPod 2013-10-08 19:49 - 2013-02-03 06:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 19:49 - 2013-02-03 06:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-08 19:49 - 2013-02-03 06:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-08 19:31 - 2013-10-08 19:31 - 99859239 _____ C:\Windows\SysWOW64\뎐b 2013-10-08 19:28 - 2012-04-26 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 23:10 - 2013-09-29 11:36 - 00003669 _____ C:\Windows\IE10_main.log 2013-10-01 23:08 - 2013-10-01 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 23:08 - 2011-05-21 17:38 - 00000000 ____D C:\Users\saturn\AppData\Local\Mozilla 2013-09-29 14:35 - 2013-09-29 14:35 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-09-29 14:17 - 2013-09-29 14:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\saturn\Downloads\tdsskiller.exe 2013-09-29 12:54 - 2013-09-29 12:54 - 00001914 _____ C:\Users\saturn\Desktop\aswMBR.txt 2013-09-29 12:54 - 2013-09-29 12:54 - 00000512 _____ C:\Users\saturn\Desktop\MBR.dat 2013-09-28 22:26 - 2013-09-28 22:26 - 04745728 _____ (AVAST Software) C:\Users\saturn\Downloads\aswMBR.exe 2013-09-28 22:17 - 2013-09-28 22:17 - 00000000 _____ C:\Windows\setuperr.log 2013-09-28 21:38 - 2012-11-13 08:29 - 00000000 ____D C:\Users\saturn\Desktop\Adobe-CS5-Crack 2013-09-28 17:54 - 2010-10-26 21:00 - 00000000 ____D C:\Users\saturn\AppData\Local\CrashDumps 2013-09-28 17:34 - 2013-09-28 10:35 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP 2013-09-28 16:29 - 2013-09-28 16:29 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D 
C:\Users\saturn\AppData\Roaming\Malwarebytes 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-28 16:29 - 2013-09-28 16:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-28 16:24 - 2013-09-28 16:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\saturn\Downloads\mbam-setup- 1.75.0.1300.exe 2013-09-28 16:16 - 2013-09-28 16:16 - 98430869 _____ C:\Windows\SysWOW64\痢黹 2013-09-28 10:37 - 2013-09-28 10:37 - 00000000 _____ C:\autoexec.bat 2013-09-28 10:17 - 2011-05-21 17:38 - 00000000 ____D C:\Users\saturn\AppData\Roaming\Mozilla 2013-09-28 10:16 - 2013-09-28 10:16 - 98372650 _____ C:\Windows\SysWOW64\㮕휿 2013-09-21 15:48 - 2013-09-21 15:48 - 98547399 _____ C:\Windows\SysWOW64\ƾ鍗¥ 2013-09-20 23:37 - 2013-09-20 23:37 - 00000000 ____D C:\Users\saturn\AppData\Local\AskPartnerNetwork 2013-09-20 23:37 - 2010-10-26 19:22 - 00000000 ____D C:\Users\saturn\AppData\Local\Google 2013-09-15 17:37 - 2013-09-15 17:37 - 97671483 _____ C:\Windows\SysWOW64\ Files to move or delete: ==================== C:\ProgramData\PKP_DLbz.DAT C:\ProgramData\PKP_DLes.DAT C:\ProgramData\PKP_DLet.DAT C:\ProgramData\PKP_DLev.DAT Some content of TEMP: ==================== C:\Users\saturn\AppData\Local\Temp\Quarantine.exe C:\Users\saturn\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 
is legit LastRegBack: 2013-10-14 15:30 ==================== End Of Log ============================
and the addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by saturn at 2013-10-15 17:14:25 Running from C:\Users\saturn\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32) 7-Zip 9.20 (x32) Adobe Acrobat XI Pro (x32 Version: 11.0.00) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Anchor Service CS4 (x32 Version: 2.0) Adobe Anchor Service x64 CS4 (Version: 2.0) Adobe Bridge CS4 (x32 Version: 3) Adobe CMaps CS4 (x32 Version: 2.0) Adobe CMaps x64 CS4 (Version: 2.0) Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0) Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0) Adobe Color JA Extra Settings CS4 (x32 Version: 2.0) Adobe Color NA Extra Settings CS4 (x32 Version: 2.0) Adobe Color Video Profiles CS CS4 (x32 Version: 2.0) Adobe Creative Suite 6 Master Collection (x32 Version: 6) Adobe CSI CS4 (x32 Version: 1) Adobe CSI CS4 x64 (Version: 1) Adobe Default Language CS4 (x32 Version: 2.0) Adobe Device Central CS4 (x32 Version: 2) Adobe Download Assistant (x32 Version: 1.0.6) Adobe Drive CS4 (x32 Version: 1) Adobe Drive CS4 x64 (Version: 1) Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0) Adobe Extension Manager CS4 (x32 Version: 2.0) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Fonts All (x32 Version: 2.0) Adobe Fonts All x64 (Version: 2.0) Adobe Help Manager (x32 Version: 4.0.244) Adobe Linguistics CS4 (x32 Version: 4.0.0) Adobe Linguistics CS4 x64 (Version: 4.0.0) Adobe Output Module (x32 Version: 2.0) Adobe PDF Library Files CS4 (x32 Version: 9.0) Adobe PDF 
Library Files x64 CS4 (Version: 9.0) Adobe Photoshop CS4 (64 Bit) (Version: 11.0) Adobe Photoshop CS4 (x32 Version: 11.0) Adobe Photoshop CS4 Support (x32 Version: 11.0) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Search for Help (x32 Version: 1.0) Adobe Service Manager Extension (x32 Version: 1.0) Adobe Setup (x32 Version: 2.0) Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133) Adobe Type Support CS4 (x32 Version: 9.0) Adobe Type Support x64 CS4 (Version: 9.0) Adobe Update Manager CS4 (x32 Version: 6.0.0) Adobe WinSoft Linguistics Plugin (x32 Version: 1.1) Adobe WinSoft Linguistics Plugin x64 (Version: 1.1) Adobe XMP Panels CS4 (x32 Version: 2.0) AdobeColorCommonSetCMYK (x32 Version: 2.0) Advertising Center (x32 Version: 0.0.0.2) Apple Application Support (x32 Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (x32 Version: 2.1.3.127) AutoCAD 2011 - Deutsch (Version: 18.1.49.0) AutoCAD 2011 Language Pack - Deutsch (Version: 18.1.49.0) Autodesk 3ds Max 2012 64-bit - German (Version: 14.0) Autodesk Backburner 2012.0.0 (x32 Version: 2012.0.0) Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49) Autodesk Material Library 2012 (x32 Version: 2.5.0.8) Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8) Autodesk Material Library Medium Resolution Image Library 2012 (x32 Version: 2.5.0.8) Avira Free Antivirus (x32 Version: 13.0.0.4052) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) Backup Manager Basic (x32 Version: 2.0.0.60) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82) bl (x32 Version: 1.0.0) Blasterball 3 (x32 Version: 2.2.0.82) Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82) Bonjour (Version: 3.0.0.10) Broadcom Gigabit NetLink Controller (Version: 12.52.04) Build-a-lot 2 (x32 Version: 2.2.0.82) CCleaner (Version: 4.04) Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82) 
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Composite 2012 64-bit (Version: 7.0.0) Connect (x32 Version: 1.0.0.1) DivX-Setup (x32 Version: 2.5.0.8) DMUninstaller (x32) Dropbox (HKCU Version: 2.0.22) EPSON Scan (x32) Escape Rosecliff Island (x32 Version: 2.2.0.82) Faerie Solitaire (x32 Version: 2.2.0.82) FARO LS 1.1.406.58 (x32 Version: 4.6.58.2) FileZilla Client 3.5.1 (x32 Version: 3.5.1) FlipBook Maker 3.6.8 (x32 Version: 3.6.8) Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212) Google Chrome (x32 Version: 30.0.1599.69) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Talk Plugin (x32 Version: 4.7.0.15362) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54) iCloud (Version: 3.0.2.163) Identity Card (x32 Version: 1.00.3003) ImagXpress (x32 Version: 7.0.74.0) Insaniquarium Deluxe (x32 Version: 2.2.0.82) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001) Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007) iTunes (Version: 11.1.1.11) Java 7 Update 17 (64-bit) (Version: 7.0.170) Jewel Quest (x32 Version: 2.2.0.82) Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82) Junk Mail filter update (x32 Version: 14.0.8089.726) K-Lite Mega Codec Pack 7.6.0 (x32 Version: 7.6.0) kuler (x32 Version: 2.0) Launch Manager (x32 Version: 4.0.8) Mahjongg Artifacts (x32 Version: 2.2.0.82) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft .NET Framework 1.1 German Language Pack (x32 Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) 
Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 
12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32) Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731) Microsoft Report Viewer Redistributable 2008 (KB971119) (x32) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero 9 Essentials (x32) Nero ControlCenter (x32 Version: 9.0.0.1) Nero DiscSpeed (x32 Version: 5.4.13.100) Nero DiscSpeed Help (x32 Version: 5.4.4.100) Nero DriveSpeed (x32 Version: 4.4.12.100) Nero DriveSpeed Help (x32 Version: 4.4.4.100) Nero Express Help (x32 Version: 9.6.2.101) Nero InfoTool (x32 Version: 6.4.12.100) Nero InfoTool Help (x32 Version: 6.4.4.100) Nero Installer (x32 Version: 4.4.9.0) Nero Online Upgrade (x32 Version: 1.3.0.0) Nero StartSmart (x32 Version: 9.4.37.100) Nero StartSmart Help (x32 Version: 9.4.27.100) Nero StartSmart OEM (x32 Version: 9.4.10.100) NeroExpress (x32 Version: 9.4.33.100) neroxml (x32 Version: 1.0.0) Nikon Message Center 2 (x32 Version: 2.1.0) NVIDIA Drivers (Version: 1.10.59.37) NVIDIA Updatus (x32 Version: 1.0.3) Packard Bell Game Console (x32) Packard Bell Games (x32 Version: 1.0.0.80) Packard Bell InfoCentre (x32 Version: 3.02.3000) Packard Bell MyBackup (x32 Version: 2.0.0.60) Packard Bell Power Management (x32 Version: 5.00.3003) Packard 
Bell Recovery Management (x32 Version: 4.05.3011) Packard Bell Registration (x32 Version: 1.03.3002) Packard Bell ScreenSaver (x32 Version: 1.1.0414.2010) Packard Bell Social Networks (x32 Version: 1.0.1517) Packard Bell Updater (x32 Version: 1.02.3001) PDF Reader (HKCU) PDF Settings CS4 (x32 Version: 9.0) PDF Settings CS6 (x32 Version: 11.0) PDFCreator (x32 Version: 1.0.2) pdfforge Toolbar v7.6 (x32 Version: 7.6) Penguins! (x32 Version: 2.2.0.82) ph (x32 Version: 1.0.0) Photoshop Camera Raw (x32 Version: 5.0) Photoshop Camera Raw_x64 (Version: 5.0) Picture Control Utility (x32 Version: 1.4.3) Polar Bowler (x32 Version: 2.2.0.82) Polar Golfer (x32 Version: 2.2.0.82) Polar Pool (x32 Version: 2.2.0.82) QuickTime (x32 Version: 7.74.80.86) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113) Rhino RDK (x32) Rhinoceros 4.0 (x32 Version: 4.0.20118) SketchUp 8 (x32 Version: 3.0.16944) Skype™ 6.6 (x32 Version: 6.6.106) Spotify (HKCU Version: 0.8.4.107.g4fa0003f) Suite Shared Configuration CS4 (x32 Version: 1.0) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 14.0.19.0) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended 
(KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0) Vectorworks 2012 Hilfe (x32 Version: 1.0) Video Web Camera (x32 Version: 2.0.3.3) Virtual Families (x32 Version: 2.2.0.82) Virtual Villagers - A New Home (x32 Version: 2.2.0.82) VLC media player 2.0.0 (x32 Version: 2.0.0) VLC Streamer 4.15 (x32) V-Ray for Rhinoceros 4.0 (x32 Version: 1.00.0000) Welcome Center (x32 Version: 1.01.3002) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Fotogalerie (x32 Version: 
14.0.8081.709) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Writer (x32 Version: 14.0.8089.0726) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Yahtzee (x32 Version: 2.2.0.82) Zuma Deluxe (x32 Version: 2.2.0.82) ==================== Restore Points ========================= 14-10-2013 12:34:41 Windows Update 15-10-2013 14:52:16 Windows Update ==================== Hosts content: ========================== 2013-02-01 11:08 - 2013-04-05 06:20 - 00004281 ____A C:\Windows\system32\Drivers\etc\hosts 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.164 asa04.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.165 asa05.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.40 asa01.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.163 asa03.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.164 asa04.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.165 asa05.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de 129.187.254.28 asa-cluster.lrz.de There are 74 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {1C09DFB7-D82B-46C5-8DF2-D62124988980} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared \Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {2DD05681-42E4-47DE-BDB6-09790B2B7AFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core => C:\Users\saturn\AppData \Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.) Task: {374B69E4-BFCB-4BB3-A84E-DF3999DBA0E2} - System32\Tasks\AdobeAAMUpdater-1.0-saturn-PC-saturn => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA \UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {41815D00-A2C0-44D5-9451-FB324EFFDE1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {44AB9E03-64E9-4F93-A47F-5178AFE0A221} - \LaunchApp No Task File Task: {54A8D289-3810-43A2-892B-761511BCB84A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013- 10-08] (Adobe Systems Incorporated) Task: {62ADAD9B-0AB3-4B40-BFD6-E78BA40B5C07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA => C:\Users\saturn\AppData\Local \Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.) Task: {64920CF9-244A-4F04-9041-7B3A85AE97D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011- 06-01] (Apple Inc.) Task: {9CB5BD02-5976-4BAD-AE72-90A29231BE80} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe Task: {D98D2AC1-8A67-46AC-9ACC-2124E7CAD10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.) 
Task: {F959BDDC-E0C2-4352-A4C6-A56D089289A3} - System32\Tasks\{CF72507C-65E1-47AC-8241-7F5F7140C4AF} => C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe Task: {FBF55C94-8C9C-4F45-8267-52B03EBFDA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001Core.job => C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2829833523-3526886384-908469177-1001UA.job => C:\Users\saturn\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-08-06 23:50 - 2013-08-06 23:44 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll 2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll 2010-04-26 06:55 - 2009-12-24 02:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\saturn\AppData\Roaming\Dropbox\bin\libcef.dll 2010-04-26 07:37 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-10-01 20:58 - 2013-10-01 20:59 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2012-09-23 14:43 - 2012-09-23 14:43 - 03989656 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll 2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2013-10-08 19:49 - 2013-10-08 19:49 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Program Files\Common Files\System:NIP5s98bg3RLqexCIr2GE10bNx58 AlternateDataStreams: C:\ProgramData\Microsoft:0wCA5dfu4z8oRyENgGrlNqSR AlternateDataStreams: C:\ProgramData\Microsoft:S9pQTypQBvDE9sVMFIk AlternateDataStreams: C:\Users\saturn\AppData\Local\Temp:1IeW9beUZjw2GZAiQ12BUfAv ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport 
Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/14/2013 11:35:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 29035124 Error: (10/14/2013 11:35:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 29035124 Error: (10/14/2013 11:35:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/14/2013 11:35:08 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 29034048 Error: (10/14/2013 11:35:08 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 29034048 Error: (10/14/2013 11:35:08 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/14/2013 03:31:21 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7145 Error: (10/14/2013 03:31:21 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7145 Error: (10/14/2013 03:31:21 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/14/2013 03:31:20 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6146 System errors: ============= Error: (10/15/2013 04:54:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 
0x80246007 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64- basierte Systeme Error: (10/15/2013 04:50:29 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070006 Error: (10/14/2013 02:29:04 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070006 Error: (10/14/2013 02:26:06 PM) (Source: DCOM) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (10/14/2013 02:26:05 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/14/2013 02:26:05 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (10/14/2013 02:25:19 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (10/14/2013 02:25:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/14/2013 02:25:19 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (10/10/2013 06:18:29 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Microsoft Office Sessions: ========================= Error: (10/04/2012 09:59:21 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16346 seconds with 1800 seconds of active time. This session ended with a crash. Error: (01/09/2012 00:02:54 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/12/2011 11:41:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2796 seconds with 1740 seconds of active time. This session ended with a crash.

==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3958.71 MB
Available physical RAM: 1932.38 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 5497.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (Packard Bell) (Fixed) (Total:451.99 GB) (Free:114.22 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C53C334E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I haven't noticed any problems so far... but I also don't know how I would go about looking for problems caused by viruses...? |
15.10.2013, 16:57 | #11 |
/// TB-Ausbilder | Removing Spyhunter
Hi, we'll remove the last remnants and check everything once more. ESET can take a long time (> 2 h).
Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
start
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: [0 ] ()
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM-x32 - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Task: {44AB9E03-64E9-4F93-A47F-5178AFE0A221} - \LaunchApp No Task File
Task: {9CB5BD02-5976-4BAD-AE72-90A29231BE80} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
C:\Program Files (x86)\Desk 365
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Step 3
ESET Online Scanner
Step 4
Please download SecurityCheck and:
In your next reply, please post
|
18.10.2013, 10:28 | #12 |
| Removing Spyhunter
fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by saturn at 2013-10-15 19:09:09 Run:1
Running from C:\Users\saturn\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
AppInit_DLLs: [0 ] ()
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKLM - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM-x32 - No Name - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Task: {44AB9E03-64E9-4F93-A47F-5178AFE0A221} - \LaunchApp No Task File
Task: {9CB5BD02-5976-4BAD-AE72-90A29231BE80} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
C:\Program Files (x86)\Desk 365
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\!{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\!{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml => Moved successfully.
C:\ProgramData\PKP_DLbz.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44AB9E03-64E9-4F93-A47F-5178AFE0A221} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44AB9E03-64E9-4F93-A47F-5178AFE0A221} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB5BD02-5976-4BAD-AE72-90A29231BE80} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB5BD02-5976-4BAD-AE72-90A29231BE80} => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
"C:\Windows\System32\Tasks\Desk 365 RunAsStdUser" => File/Directory not found.
"C:\Program Files (x86)\Desk 365" => File/Directory not found.

==== End of Fixlog ====

ESET log file (it cost almost a whole day)
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=59ddddb2b22f5448b89d57815bd55ca3 # engine=15497 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-10-17 06:32:26 # local_time=2013-10-17 08:32:26 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 186226 152706051 179007 0 # compatibility_mode=5893 16776574 100 94 185786 133664596 0 0 # scanned=422626 # found=1 # cleaned=0 # scan_time=2078 sh=C871F2F22BE62631F3C01F91378419D32AFFA8E8 ft=1 fh=1495b2591e0e47a0 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir" Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (24.0) Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
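The Fixlog posted above can be triaged mechanically instead of read line by line. The following is an added example, not part of the original thread and not FRST's own code; the sample lines are copied from that Fixlog, while the status names and the grouping of "not found" results are assumptions of this example.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted above (a subset, for brevity).
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
C:\ProgramData\PKP_DLbz.DAT => Moved successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
"C:\Windows\System32\Tasks\Desk 365 RunAsStdUser" => File/Directory not found.
"C:\Program Files (x86)\Desk 365" => File/Directory not found.
"""

# Outcome wording seen in that log, mapped to status names chosen for this example.
OUTCOMES = [
    (re.compile(r"(deleted|moved) successfully", re.I), "removed"),
    (re.compile(r"restored successfully", re.I), "restored"),
    (re.compile(r"not found", re.I), "absent"),
]


def classify(outcome):
    """Map an outcome phrase to a status; unknown wording is sent to review."""
    for pattern, status in OUTCOMES:
        if pattern.search(outcome):
            return status
    return "review"


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line of a Fixlog."""
    # In a full Fixlog the results follow the second row of asterisks; the
    # echoed fixlist before it must not be mistaken for results.
    results = re.split(r"\*{5,}", text)[-1]
    entries = []
    for line in results.splitlines():
        line = line.strip()
        if not line or line.startswith("===="):
            continue
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        else:
            # Lines such as "Firefox DefaultSearchEngine deleted successfully."
            m = re.match(r"(.+?) ((?:deleted|moved|restored) successfully)\.?$",
                         line, re.I)
            target, outcome = m.groups() if m else (line, "")
        target = target.strip().strip('"')
        entries.append((target, outcome.rstrip("."), classify(outcome)))
    return entries


def triage(text):
    """Summarise a Fixlog and explain every 'not found' result."""
    report = {"counts": Counter(), "already_handled": [],
              "not_present": [], "review": []}
    removed = set()
    for target, outcome, status in parse_fixlog(text):
        report["counts"][status] += 1
        key = target.lower()
        if status == "removed":
            removed.add(key)
        elif status == "absent":
            # "Not found" after an earlier removal of the same target in this
            # run is a duplicate fixlist entry, not a failed fix.
            bucket = "already_handled" if key in removed else "not_present"
            report[bucket].append(target)
        elif status == "review":
            report["review"].append((target, outcome))
    return report


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for name in ("already_handled", "not_present", "review"):
        print(name, report[name])
```

An empty `review` list means every line carried one of the outcomes seen in this log; anything with different wording should be read by hand before the system is declared clean.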
18.10.2013, 17:56 | #13 |
/// TB-Ausbilder | Removing Spyhunter
Hi, if you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1
The order is crucial here.
Step 2
Finally, I have a few tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from registry cleaners. They harm your system more than they help. Here is a link in English: Miekemoes Blogspot (MVP)
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this topic from my subscriptions. |
20.10.2013, 22:18 | #14 |
| Removing Spyhunter
Hello Matthias! A thousand thanks for your help! I think it's great how you selflessly help PC blondes like me here. Thank you. I have installed the listed add-ons and programs and hope that now, with a bit more caution, nothing like this happens again =) |
21.10.2013, 13:39 | #15 |
/// TB-Ausbilder | Removing Spyhunter
I'm glad we could help. In this forum you can leave brief feedback on the cleanup, if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much! This topic appears to be resolved and will be deleted from my subscriptions. If you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |