| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verdacht auf TR/Kazy und PUP "Downloadsponsor.A"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.11.2013, 13:42
| #1 |
 |  Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hallo, ich habe nach längerer Pause mal wieder meinen Laptop im Betrieb gehabt. Nachdem sich Avira (Premium) aktualisiert hatte, erhielt ich die Warnung, dass ein Trojaner auf meinem Rechner sei. Die Datei ist schon seit Anfang des Jahres auf dem Rechner, wurde bis jetzt aber nie beanstandet. Bei Virustotal schlugen vier von 49 Scannern auf sie an (später waren es 3/47, siehe Link), das Avira-Labor hat nach Einsendung bestätigt, dass es sich um Malware (TR/Kazy.251205) handele. Die Datei scheint im Zusammenhang mit VueScan zu stehen, das ich mir mal als Trial-Version heruntergeladen habe, entweder bei chip.de oder beim Hersteller selbst. Ich habe dann auch gleich noch Malwarebytes und E-Set drüber laufen lassen, die wiederum beide diese Datei nicht beanstanden, dafür aber ein- bzw. zweimal ein PUP "Downloadsponsor.A" finden. Ein solcher Hinweis bezieht sich auf den "ICQ Banner Remover", den ich vor längerer Zeit mal von chip.de bezogen haben müsste, den anderen kann ich nicht sicher zuordnen ("OCS"). Wenn ich die bisherigen Einträge zu dem Störenfried richtig verstehe, ist das aber "nur" Adware? Neu aufsetzen wäre für mich aber auch kein Weltuntergang und ziehe ich auf jeden Fall vor, wenn ein nennenswertes Sicherheitsrisiko besteht. Der Rechner wurde u. a. auch für Onlinebanking und -shopping verwendet, insofern wäre für mich natürlich auch wichtig zu wissen, ob ich besser meine Passwörter ändern sollte. Ansonsten: Vielen Dank für eure Hilfe! Hier der Link zum Virustotal-Ergebnis der möglichen Kazy-Datei: https://www.virustotal.com/de/file/f30c21fd7183971f69a7bb8309aa6c3c218af4e32d85199ffe3743d89f617457/analysis/1384259379/ Das Ergebnis von E-Set: C:\Users\**\AppData\Local\Temp\OCS\ocs_v6.exe Variante von Win32/DownloadSponsor.A Anwendung C:\Users\**\Downloads\ICQ_7.7_Build__6547_Banner_Remover_1.0_Setup.exe Variante von Win32/DownloadSponsor.A Anwendung Der Fund von Avira: Beginne mit der Desinfektion: C:\Users\**\AppData\Local\Temp\vsdel.exe [FUND] Ist das Trojanische Pferd TR/Kazy.251205 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57e83d99.qua' verschoben! Der Malwarebytes-Komplettscan: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 ** :: NOTEBOOK [Administrator] 11.11.2013 09:31:44 MBAM-log-2013-11-11 (11-45-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 554926 Laufzeit: 2 Stunde(n), 7 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\**\AppData\Local\Temp\OCS\ocs_v6.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt. (Ende) |
|
12.11.2013, 14:30
| #2 |
| /// the machine /// TB-Ausbilder    | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
12.11.2013, 15:02
| #3 |
| | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hi schrauber,
__________________und vielen Dank, dass Du mir hilfst! Ich habe das Programm jetzt vom betroffenen Rechner heruntergeladen und direkt ausgeführt, ich hoffe, das war okay. FRST.txt: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by ** (administrator) on NOTEBOOK on 12-11-2013 14:56:54
Running from C:\Users\**\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) D:\PhotoshopElements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-11-13] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-05] (Hewlett-Packard)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [KSS] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
MountPoints2: {5ca6f7df-fe04-11e0-89bd-e02a820432a4} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKU\Präsentation\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\Präsentation\...\Run: [Akamai NetSession Interface] - C:\Users\Präsentation\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default
FF user.js: detected! => C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\user.js
FF Homepage: www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus - C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\THOMAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor9.0; D:\PhotoshopElements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
==================== Drivers (Whitelisted) ====================
S1 acedrv07; C:\windows\system32\drivers\acedrv07.sys [125440 2012-08-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [746400 2008-07-07] (TechnoTrend AG)
S3 GT680x; System32\Drivers\gt680x.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-12 14:37 - 2013-11-12 14:37 - 00000000 ____D C:\FRST
2013-11-12 14:36 - 2013-11-12 14:36 - 01957590 _____ (Farbar) C:\Users\**\Desktop\FRST64.exe
2013-11-12 04:20 - 2013-11-12 13:33 - 00782698 _____ C:\Users\**\Desktop\AVSCAN-20131111-114634-D61EDB46.LOG
2013-11-11 09:30 - 2013-11-12 13:32 - 00000213 _____ C:\Users\**\Desktop\eset.txt
2013-11-09 18:39 - 2013-11-09 18:40 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
2013-11-09 18:36 - 2013-11-09 18:36 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu.exe
2013-11-09 16:35 - 2013-11-09 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-09 16:06 - 2013-11-09 16:06 - 00001077 _____ C:\Users\**\Desktop\Kaspersky Security Scan.lnk
2013-11-09 16:06 - 2013-11-09 16:06 - 00000000 ____D C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-09 16:03 - 2013-11-09 16:03 - 00179984 _____ (Kaspersky Lab) C:\Users\**\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-11-09 16:01 - 2013-11-09 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\**\Downloads\HiJackThis204(2).exe
2013-10-20 15:52 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-20 15:52 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-20 15:52 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-20 15:52 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-20 15:52 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-20 15:52 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-20 15:52 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-20 15:52 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-20 15:52 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-20 15:52 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-20 15:51 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-20 15:51 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-20 15:51 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-20 15:51 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-20 15:51 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-20 15:51 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-20 15:51 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-20 15:51 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-19 20:06 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbser.sys
2013-10-19 20:06 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-19 20:06 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-19 20:06 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-19 20:06 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-19 20:06 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-19 20:06 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-19 20:06 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-19 20:06 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-19 20:06 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-19 20:06 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-19 20:06 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-19 20:06 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-19 20:06 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-19 20:05 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-19 20:05 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-19 20:05 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-19 20:05 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-19 20:05 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-19 20:05 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-19 20:05 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-19 20:05 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-19 20:05 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-19 20:05 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-19 20:05 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-19 20:05 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-19 20:05 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-19 20:05 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-19 20:05 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-19 20:05 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-19 20:05 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-19 20:05 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-19 20:05 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-19 20:05 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-19 20:05 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-19 20:05 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-19 20:05 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:05 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:05 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-19 20:05 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-19 20:05 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-19 20:05 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-19 20:05 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-19 20:05 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-19 20:05 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-19 20:05 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-19 20:05 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-19 20:05 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
==================== One Month Modified Files and Folders =======
2013-11-12 14:55 - 2010-12-10 01:16 - 00656746 _____ C:\windows\system32\perfh007.dat
2013-11-12 14:55 - 2010-12-10 01:16 - 00131088 _____ C:\windows\system32\perfc007.dat
2013-11-12 14:55 - 2009-07-14 06:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-12 14:54 - 2011-08-14 22:02 - 00001128 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 14:53 - 2011-01-18 21:18 - 01955566 _____ C:\windows\WindowsUpdate.log
2013-11-12 14:50 - 2011-08-14 22:02 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 14:50 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-12 14:50 - 2009-07-14 05:51 - 00098383 _____ C:\windows\setupact.log
2013-11-12 14:37 - 2013-11-12 14:37 - 00000000 ____D C:\FRST
2013-11-12 14:36 - 2013-11-12 14:36 - 01957590 _____ (Farbar) C:\Users\**\Desktop\FRST64.exe
2013-11-12 14:34 - 2012-05-12 21:13 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 13:33 - 2013-11-12 04:20 - 00782698 _____ C:\Users\**\Desktop\AVSCAN-20131111-114634-D61EDB46.LOG
2013-11-12 13:32 - 2013-11-11 09:30 - 00000213 _____ C:\Users\**\Desktop\eset.txt
2013-11-12 13:22 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 13:22 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 13:14 - 2012-05-05 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 03:11 - 2012-10-21 20:58 - 00000000 ____D C:\Users\**\AppData\Roaming\Spotify
2013-11-11 15:26 - 2012-10-21 20:59 - 00000000 ____D C:\Users\**\AppData\Local\Spotify
2013-11-11 05:50 - 2011-05-08 02:28 - 00000000 ____D C:\windows\rescache
2013-11-10 14:56 - 2011-05-17 17:23 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-11-10 14:56 - 2011-05-12 20:06 - 00000000 ____D C:\Users\**\AppData\Roaming\ICQ
2013-11-10 14:55 - 2011-10-23 21:45 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-09 18:40 - 2013-11-09 18:39 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
2013-11-09 18:38 - 2013-11-09 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-09 18:36 - 2013-11-09 18:36 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu.exe
2013-11-09 16:14 - 2012-05-05 21:40 - 00000000 ____D C:\Users\**\AppData\Roaming\QuickScan
2013-11-09 16:06 - 2013-11-09 16:06 - 00001077 _____ C:\Users\**\Desktop\Kaspersky Security Scan.lnk
2013-11-09 16:06 - 2013-11-09 16:06 - 00000000 ____D C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-09 16:03 - 2013-11-09 16:03 - 00179984 _____ (Kaspersky Lab) C:\Users\**\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-11-09 16:01 - 2013-11-09 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\**\Downloads\HiJackThis204(2).exe
2013-11-09 16:01 - 2013-04-08 20:27 - 00010780 _____ C:\Users\**\Downloads\hijackthis.log
2013-10-20 16:27 - 2011-05-07 20:31 - 00000000 ____D C:\Users\**\AppData\Local\Mozilla
2013-10-20 15:59 - 2009-07-14 05:45 - 00300480 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-20 15:55 - 2013-04-01 00:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-20 15:50 - 2013-04-01 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-20 15:45 - 2013-08-26 22:58 - 00000000 ____D C:\windows\system32\MRT
2013-10-20 15:37 - 2011-05-07 19:25 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-20 15:32 - 2013-09-26 18:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-19 21:07 - 2012-05-12 21:13 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-19 21:07 - 2012-05-12 21:12 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-19 21:07 - 2011-06-30 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-19 20:11 - 2013-09-28 12:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 19:49 - 2011-08-14 22:02 - 00004124 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-19 19:49 - 2011-08-14 22:02 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-19 00:38 - 2012-08-05 04:40 - 00394626 _____ C:\temp.raw
Files to move or delete:
====================
C:\Users\**\lame.exe
C:\Users\**\lame_enc.dll
Some content of TEMP:
====================
C:\Users\Präsentation\AppData\Local\Temp\AskSLib.dll
C:\Users\Präsentation\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\**\AppData\Local\Temp\AskSLib.dll
C:\Users\**\AppData\Local\Temp\Extract.exe
C:\Users\**\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\**\AppData\Local\Temp\HPQSi.exe
C:\Users\**\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\**\AppData\Local\Temp\install_reader10_de_mssd_aih.exe
C:\Users\**\AppData\Local\Temp\MSNADA.exe
C:\Users\**\AppData\Local\Temp\NEventMessages.dll
C:\Users\**\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\**\AppData\Local\Temp\pylC9D3.tmp.exe
C:\Users\**\AppData\Local\Temp\pylD71C.tmp.exe
C:\Users\**\AppData\Local\Temp\Resource.exe
C:\Users\**\AppData\Local\Temp\SP50291.exe
C:\Users\**\AppData\Local\Temp\SP50370.exe
C:\Users\**\AppData\Local\Temp\SP51129.exe
C:\Users\**\AppData\Local\Temp\SP51626.exe
C:\Users\**\AppData\Local\Temp\SP51765.exe
C:\Users\**\AppData\Local\Temp\SP51810.exe
C:\Users\**\AppData\Local\Temp\sp52110.exe.exe
C:\Users\**\AppData\Local\Temp\SP52407.exe
C:\Users\**\AppData\Local\Temp\sp54373.exe
C:\Users\**\AppData\Local\Temp\sp54620.exe
C:\Users\**\AppData\Local\Temp\SP54714.exe
C:\Users\**\AppData\Local\Temp\SP54922.exe
C:\Users\**\AppData\Local\Temp\SP57760.exe
C:\Users\**\AppData\Local\Temp\sp58915.exe
C:\Users\**\AppData\Local\Temp\tl7dknx8.dll
C:\Users\**\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\**\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\**\AppData\Local\Temp\vsdel.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-11 05:32
==================== End Of Log ============================
--- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by ** at 2013-11-12 14:58:04
Running from C:\Users\**\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)
Akamai NetSession Interface Service (x32)
Amazon MP3-Downloader 1.0.9 (x32)
ANSTOSS 2007 (Version 7.1.0.5) (x32 Version: 7.1.0.5)
ANSTOSS 3 (x32)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.1.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Audacity 1.2.6 (x32)
Avira Antivirus Premium (x32 Version: 13.0.0.4052)
BearPaw 1200CU Plus v1.0 (x32)
Birth of the Federation (x32)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
calibre 64bit (Version: 0.9.25)
Call of Duty - United Offensive (x32 Version: 1.00.0000)
Call of Duty (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180)
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180)
CCC Help Czech (x32 Version: 2010.0805.0357.5180)
CCC Help Danish (x32 Version: 2010.0805.0357.5180)
CCC Help Dutch (x32 Version: 2010.0805.0357.5180)
CCC Help English (x32 Version: 2010.0805.0357.5180)
CCC Help Finnish (x32 Version: 2010.0805.0357.5180)
CCC Help French (x32 Version: 2010.0805.0357.5180)
CCC Help German (x32 Version: 2010.0805.0357.5180)
CCC Help Greek (x32 Version: 2010.0805.0357.5180)
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180)
CCC Help Italian (x32 Version: 2010.0805.0357.5180)
CCC Help Japanese (x32 Version: 2010.0805.0357.5180)
CCC Help Korean (x32 Version: 2010.0805.0357.5180)
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180)
CCC Help Polish (x32 Version: 2010.0805.0357.5180)
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180)
CCC Help Russian (x32 Version: 2010.0805.0357.5180)
CCC Help Spanish (x32 Version: 2010.0805.0357.5180)
CCC Help Swedish (x32 Version: 2010.0805.0357.5180)
CCC Help Thai (x32 Version: 2010.0805.0357.5180)
CCC Help Turkish (x32 Version: 2010.0805.0357.5180)
ccc-core-static (x32 Version: 2010.0805.358.5180)
ccc-utility64 (Version: 2010.0805.358.5180)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Corel Home Office - CS Templates (x32 Version: 5.6.5)
Corel Home Office - CT Templates (x32 Version: 5.6.5)
Corel Home Office - IPM (x32 Version: 5.6.5)
Corel Home Office - JP Templates (x32 Version: 5.6.5)
Corel Home Office - KR Templates (x32 Version: 5.6.5)
Corel Home Office - Launcher (x32 Version: 5.6.5)
Corel Home Office - Templates RU (x32 Version: 5.6.5)
Corel Home Office - Templates1 (x32 Version: 5.6.5)
Corel Home Office (x32 Version: 5.0.87.621)
Corel Home Office (x32 Version: 5.6.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DHTML Editing Component (x32 Version: 6.02.0001)
Earth 2160 (x32)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESET Online Scanner v3 (x32)
Europa Universalis III (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
FTL: Faster Than Light (x32)
Galactic Civilizations I: Ultimate Edition (x32)
Garmin Training Center (x32 Version: 3.4.5)
Garmin USB Drivers (x32 Version: 2.3.0.0)
GOG.com Planescape Torment
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Gothic 2 Gold (x32 Version: 1.0.0)
Hearts of Iron III (x32)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.5.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Product Detection (x32 Version: 10.7.9.0)
HP Setup (x32 Version: 8.5.4371.3505)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.1.13.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.25.0)
HP Wireless Assistant (Version: 4.0.6.0)
ICQ 7.7 Build #6547 Banner Remover 1.0 (x32)
ICQ7.7 (x32 Version: 7.7)
IDT Audio (x32 Version: 1.0.6300.0)
Jagged Alliance 2 - Wildfire (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Security Scan (x32 Version: 12.0.1.340)
KKND2 Krossfire (x32 Version: 2.0.0.7)
Leviathan: Warships (x32)
LightScribe System Software (x32 Version: 1.18.22.2)
LSI HDA Modem (Version: 2.2.98)
Making History: The Calm & The Storm (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (Version: 1.6.6.6957)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.45.0)
Nokia Ovi Suite (x32 Version: 3.1.1.90)
Nokia Ovi Suite Software Updater (x32 Version: 02.07.004.45780)
Norton Online Backup (x32 Version: 2.0.0.34)
NVIDIA PhysX (x32 Version: 9.10.0222)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.00 (x32 Version: 12.00.1467)
Ovi Desktop Sync Engine (x32 Version: 1.5.266.0)
OviMPlatform (x32 Version: 2.7.72.0)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (x32 Version: 11.4.21.0)
PDF Complete Special Edition (x32 Version: 4.0.64)
Planescape Torment (x32 Version: 2.0.0.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
R.U.S.E (x32)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0)
Robin Hood (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio Creator Audio (x32 Version: 3.8.0)
Roxio Creator Business (x32 Version: 10.3.56.21)
Roxio Creator Business v10 (x32 Version: 3.8.0)
Roxio Creator Copy (x32 Version: 3.8.0)
Roxio Creator Data (x32 Version: 3.8.0)
Roxio Creator Tools (x32 Version: 3.8.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Safari (x32 Version: 5.34.57.2)
Sid Meier's Civilization V (x32)
SportTracks 2.1 (x32 Version: 2.1.3478)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Star Wars: Knights of the Old Republic (x32)
Steam (x32 Version: 1.0.0.0)
SymSilent (x32)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Turbo Lister 2 (x32 Version: 2.00.0000)
Ubuntu (x32 Version: 12.10-rev273)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Uplink (x32)
USB2.0 UVC 1.3M WebCam (x32 Version: 6.1.7600.0049)
VLC media player 2.0.6 (Version: 2.0.6)
Windows 7 Default Setting (x32 Version: 1.0.1.7)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinZip 14.5 (x32 Version: 14.5.9095)
==================== Restore Points =========================
11-11-2013 23:00:02 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1331D776-F82A-497C-A715-5A445B667E3A} - System32\Tasks\{446A4079-CD1A-4C2B-8804-6991F040C60B} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {1A95656B-2DD3-4953-8E7C-6B850D43DA48} - System32\Tasks\AdobeAAMUpdater-1.0-Notebook-** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {2491F0CA-34A8-4A5B-9790-B83F8C0F9D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {2A662C67-5C2C-4D24-91F2-41CB17D86870} - System32\Tasks\{B4CF0EF0-E790-4843-84E2-8FEF16F9E8FC} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {2FF2C6DF-F3AE-4632-90B8-05A1D617898B} - System32\Tasks\{299A06CD-D1FD-47DE-91C5-8DDBD6A8A2C0} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {34DD88D0-EA2D-49A8-A6FE-E28AE34B4B4F} - System32\Tasks\{432ADFD2-7C44-426B-ACB6-618817A5EC43} => C:\Program Files (x86)\ASCARON Entertainment\Anstoss 3\anstoss3.exe [2003-07-02] (ASCARON Software GmbH)
Task: {36FFC33D-D230-4581-B8B0-670368D03DD2} - System32\Tasks\{B4F40616-EBCA-492F-AB15-AD1BF0E473E7} => G:\Autorun.exe
Task: {3F790A0D-E446-4585-951A-E46F2DDE8CBD} - System32\Tasks\{D982940F-A6AE-410F-8751-377642DE442B} => G:\Run.EXE
Task: {40AB9C2A-FBDF-4E59-8C63-C31697F7E0BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DBFA6E7-6C0A-4433-BEFB-AC6A40805E9F} - System32\Tasks\{F149C798-3633-4502-9C1A-49ADE59F16F7} => C:\Program Files (x86)\ASCARON Entertainment\Anstoss 3\anstoss3.exe [2003-07-02] (ASCARON Software GmbH)
Task: {5A094BF3-DA5A-4461-B37A-5D6DD291EF36} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {793173F8-A379-4DA4-9595-23C0052052C6} - System32\Tasks\{584911E0-3058-4970-85CB-417B7D3D4D67} => G:\Autorun.exe
Task: {7F05D3C6-8FDB-44BC-9A7A-D835B124F008} - System32\Tasks\{9E535AC0-2FE0-40AA-88CA-A1A8E2A3932D} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {8085563E-707F-486B-841D-7BD7273A840B} - System32\Tasks\{A8D7645B-2A28-416A-8DEF-921695206A06} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {86AB55B5-4A42-46AB-9C9B-2B1727BF8AB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {884260F4-AE00-457E-B02A-FF6B3FD10A80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {90266ED1-80BF-4939-B6CA-99FA8D41B03E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {91317E14-35F7-4AAF-9960-2904BED5BE2A} - System32\Tasks\{9DDA7528-4526-416A-9317-032E0B446969} => G:\Autorun.exe
Task: {9819D256-E3EF-496B-9BEC-FC7CF9E1A005} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19] (Adobe Systems Incorporated)
Task: {983F3CA3-E63E-45D8-923A-A6547F421F05} - System32\Tasks\{62433C29-8D20-49C1-9830-ACB97E63F946} => C:\Users\**\Downloads\Web.EXE [2013-01-20] ()
Task: {9CADA944-05B9-451E-89CD-BE22609B3A6F} - System32\Tasks\{9B6198CF-46CF-45A9-AB27-9F2F8BAA4A62} => G:\Autorun.exe
Task: {A5B62E9D-1961-407C-8C12-FA8E3775C497} - System32\Tasks\{BDA512CD-3728-44E8-865B-C97995F96098} => G:\Autorun.exe
Task: {AC643865-7BED-4948-B9B1-97E978C31324} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {B1C9E923-66F4-4033-9146-7A9D5F2EBF61} - System32\Tasks\{A87CE0E8-714E-466E-B4E7-C55C3FB27DE2} => G:\Autorun.exe
Task: {C1307FBF-DBF5-4F0F-A5AD-E464F2BD93E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D15EC214-5828-4FD7-BFF3-B76727221EB7} - System32\Tasks\{CB832584-F699-4A60-A1C0-376330FCCA89} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {D5632BA9-3FF5-4CB2-B81F-A8FCD94E986F} - System32\Tasks\{9661DF42-723F-499E-8186-A67E13E865F1} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {D814E471-E3C4-486B-9FFB-CD4997F48C40} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {D909A142-B583-445F-948C-3E034926785B} - System32\Tasks\{40DA9DB5-DB69-4E0E-AB48-7FC989FE0590} => G:\Run.EXE
Task: {DDF7196C-2EAA-492A-B640-FDBB4897091A} - System32\Tasks\{4CD4C0B0-E449-42D7-8847-5774944477A2} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {E755E7B3-C7AD-4582-A399-D442BBD0E932} - System32\Tasks\{2D54BE24-AA8C-4158-9D0A-871EF4DEB6FE} => C:\Users\**\Downloads\Web.EXE [2013-01-20] ()
Task: {EB6E65A6-D1FD-4882-A9BA-E08E9198F83E} - System32\Tasks\{BE5444FF-31A1-4CF8-9C1D-BB74BBB7F571} => G:\Run.EXE
Task: {F0840821-EF33-4E02-BF0D-C366D1E6B956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {F5165A04-A9DD-4DEA-B93C-3C08F919C1D4} - System32\Tasks\{67695EDE-9506-4C3F-9DBF-C9E574D121BA} => G:\Autorun.exe
Task: {FD061F33-92F9-40D6-98A6-A96DC249192F} - System32\Tasks\{B644EF79-BE31-4397-A884-07B08E06D6C3} => G:\Run.EXE
Task: {FD881D04-07F6-4BAE-BBB8-9DD07D49CFE6} - System32\Tasks\{2DB988D8-23A1-43C7-8DF8-C6BA3D88A02B} => C:\Users\**\Downloads\web(1).exe [2013-01-20] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-07-30 04:39 - 2010-07-30 04:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-04-13 01:59 - 2010-04-13 01:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-05 12:57 - 2010-08-05 12:57 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-12-01 15:49 - 2012-12-01 15:41 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2013-11-09 16:35 - 2013-11-09 16:35 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/12/2013 02:36:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/12/2013 02:36:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:42:59 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:42:59 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:42:46 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:42:46 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:42:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:42:36 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:37:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/11/2013 05:36:16 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (11/12/2013 02:50:41 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/12/2013 02:50:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/12/2013 02:44:03 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{B6191BF7-035A-4DDF-8874-F82B8BC6681C}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (11/12/2013 01:15:07 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/12/2013 01:14:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/10/2013 07:14:52 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (11/09/2013 04:40:38 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ELMOS_PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B6191BF7-035A-4DDF-8874-F82B8BC6681C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/09/2013 03:35:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/09/2013 03:35:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.
Error: (11/09/2013 03:34:13 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Microsoft Office Sessions:
=========================
Error: (11/12/2013 02:36:34 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
Error: (11/12/2013 02:36:34 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_deu.exe
Error: (11/11/2013 05:42:59 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\**\downloads\esetsmartinstaller_deu.exe
Error: (11/11/2013 05:42:59 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\**\downloads\esetsmartinstaller_deu(1).exe
Error: (11/11/2013 05:42:46 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\**\downloads\esetsmartinstaller_deu.exe
Error: (11/11/2013 05:42:46 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\**\downloads\esetsmartinstaller_deu(1).exe
Error: (11/11/2013 05:42:42 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\**\downloads\esetsmartinstaller_deu(1).exe
Error: (11/11/2013 05:42:36 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\**\downloads\esetsmartinstaller_deu.exe
Error: (11/11/2013 05:37:18 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/11/2013 05:36:16 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
CodeIntegrity Errors:
===================================
Date: 2013-11-12 14:49:56.968
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-12 14:49:56.407
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-12 13:14:11.391
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-12 13:14:10.830
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-09 15:32:53.010
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-09 15:32:52.464
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-09 07:31:49.433
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-09 07:31:48.903
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-20 16:58:45.276
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-20 16:58:44.730
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 3836.56 MB
Available physical RAM: 2180.21 MB
Total Pagefile: 7671.3 MB
Available Pagefile: 5422.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:152.35 GB) (Free:53.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Volume) (Fixed) (Total:128.44 GB) (Free:28.18 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CFA7A8FA)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=300 MB) - (Type=42)
Partition 3: (Not Active) - (Size=152 GB) - (Type=42)
Partition 4: (Not Active) - (Size=145 GB) - (Type=42)
==================== End Of Log ============================
|
|
13.11.2013, 08:59
| #4 |
| /// the machine /// TB-Ausbilder | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.11.2013, 16:08
| #5 |
| | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hallo schrauber, eventuell hat das noch nicht richtig geklappt. Ich habe bei AntiVir alle drei Scanner deaktiviert (Häkchen war weg, Schirm zu), dennoch hat AntiVir zu Beginn des Scans von ComboFix gemeldet, dass es den Zugriff auf die Registrierung verhindert hätte. ComboFix selbst ist allerdings ohne Murren durchgelaufen. Muss ich es noch mal versuchen und etwas anders machen, oder ist das okay so? Als ComboFix fertig war und nach dem Reboot wollte AntiVir sich nicht starten lassen. Ich habe dann selbst noch mal neugebootet, jetzt ist es wieder aktiv. Ich füge mal den Scanlog an, in der Hoffnung, dass der Durchlauf so doch schon okay war: Code:
ATTFilter ComboFix 13-11-12.01 - ** 13.11.2013 15:30:02.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3837.2202 [GMT 1:00]
ausgeführt von:: c:\users\**\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-10-13 bis 2013-11-13 ))))))))))))))))))))))))))))))
.
.
2013-11-12 13:37 . 2013-11-12 13:37 -------- d-----w- C:\FRST
2013-11-09 15:05 . 2013-11-09 15:05 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-09 15:05 . 2013-11-09 15:05 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-11-09 06:40 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68CF42B9-3C86-4B3E-8FD9-68FFD73BB444}\mpengine.dll
2013-10-20 14:51 . 2013-09-22 22:55 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-20 14:51 . 2013-09-22 22:54 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-20 14:51 . 2013-09-22 23:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-20 14:51 . 2013-09-22 22:55 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-10-20 14:51 . 2013-09-22 22:54 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-10-20 14:51 . 2013-09-22 22:54 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-10-19 19:05 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-20 14:37 . 2011-05-07 18:25 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-19 20:07 . 2012-05-12 20:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-19 20:07 . 2011-06-30 21:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 18:38 . 2013-05-08 18:41 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-18 18:38 . 2013-03-31 14:46 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-18 18:38 . 2013-03-31 14:46 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-03 12:35 . 2011-05-07 17:47 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-19 19:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-18 347192]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
.
c:\users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ttusb2bda_amd64.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;d:\photoshopelements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;d:\photoshopelements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 19:07 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 20:07]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 21:02]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 21:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-13 489472]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\
FF - prefs.js: browser.startup.homepage - www.spiegel.de
FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BearPaw 1200CU Plus v1.0 - c:\progra~2\BEARPA~1\Driver\UNINST.EXE
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-13 15:49:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-11-13 14:49
.
Vor Suchlauf: 15 Verzeichnis(se), 56.910.274.560 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 58.806.951.936 Bytes frei
.
- - End Of File - - 2CAFE3266726154D102E3A8F1A5975FA
A36C5E4F47E84449FF07ED3517B43A31
|
|
14.11.2013, 09:15
| #6 |
| /// the machine /// TB-Ausbilder | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" |
|
14.11.2013, 18:16
| #7 |
| | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hi schrauber, ich muss nur noch das neue FRST-Log erstellen, allerdings werde ich jetzt beim Start des Programms gewarnt, dass es nicht zertifziert werden könne, und danach teilt FRST mir mit, dass ich eine veraltete Version verwenden würde und empfiehlt mir, die neue Version herunterzuladen. Wie soll ich hier vorgehen? Ach ja, und soll / kann ich die bei Avira in Quarantäne befindliche Datei, in der angeblich der Trojaner schlummert, von Avira löschen lassen, oder was soll hiermit passieren? Gruß, aethelstan |
|
15.11.2013, 12:03
| #8 |
| /// the machine /// TB-Ausbilder | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Quarantäne kannste löschen. FRST updaten, er sollte dich autoamtisch zum Download bei BlepingComputer führen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.11.2013, 17:34
| #9 |
| | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hi schrauber, anscheinend hatte ich, nachdem ich die Datei wiederhergestellt hatte, um sie bei Virustotal hochzuladen, sie gar nicht wieder in Quarantäne genommen... :-/ Jedenfalls steht dort bei Avira nichts mehr. An ihrem Ursprungsort ist sie aber auch nicht mehr, und Avira meldet sich auch nicht mehr, weder der Echtzeit-Guard, noch der Scan, den ich gestern mal gemacht habe. Ich hoffe, der Bösewicht ist also unschädlich gemacht? Liegt / lag denn ein größeres Problem vor, so dass ich Passwörter etc. besser ändern sollte? Ach ja, und noch eine Frage: Nach dem Combofix-Durchlauf waren zeitweilig die Items in der Taskleiste falsch und ließen sich tlw. auch nicht korrigieren. Inzwischen scheint wieder alles okay zu sein. Das ist hoffentlich auch nichts Bedenkliches gewesen? Ansonsten dann jetzt hier die diversen Logfiles: Malwarebytes hat nichts mehr gefunden: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.14.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 ** :: NOTEBOOK [Administrator] 14.11.2013 15:38:33 mbam-log-2013-11-14 (15-38-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 561954 Laufzeit: 2 Stunde(n), 3 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 17:49:07
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ** - NOTEBOOK
# Gestartet von : C:\Users\**\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0 (de)
[ Datei : C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\prefs.js ]
[ Datei : C:\Users\Präsentation\AppData\Roaming\Mozilla\Firefox\Profiles\6a6we80f.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ Datei : C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1793 octets] - [14/11/2013 17:47:47]
AdwCleaner[S0].txt - [1660 octets] - [14/11/2013 17:49:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1720 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by ** on 14.11.2013 at 17:58:53,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{006A47AA-5154-48E2-8326-F0633069C4D3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{006D19C3-AEBF-4343-B66B-EE929FC459F9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0161BB29-CCDE-4CAA-A7CB-F91BE6A3C881}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{016467CA-FED4-4248-880C-842743FE027A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{01BD71E8-A648-4BAC-96A2-9814B1246E99}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{02E791DA-4250-4D31-94C7-A6F9D2E98F44}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{031C1AC3-9881-409A-BB7F-6C534784D8A1}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{03B25AE5-62F7-4676-BC45-F19E017676EF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{056D6712-D6F6-4395-BBD6-7A269911D11A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0579BF27-0A36-46F9-B267-7E829A614950}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{068B8CD0-0BC1-4760-8011-0269D1C588CF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0BAC39F0-12B5-400F-AAFC-3FF1E1C0F1B6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0BB2E70B-D797-4A1F-92DE-38E489D9A03E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0BD1C885-DD8C-4046-8FE0-8F10F52F94A5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0CC60239-F201-42E9-B445-A32262BCD343}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{0D1F471C-E1C0-4D92-93CC-BE0B67633CBD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{10F9E8EF-462C-48AB-9CA1-BF96A751F2D8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1116648A-C8DC-4395-B30A-85E8E309897C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1365C44D-1D88-4FC4-B2CE-3BCEED075865}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{13A6A502-31E8-417F-B52F-2A96446BCDB1}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{152A34EA-7282-42F1-A7EC-D764BB47C05C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{15E25FDB-1B68-4F87-B400-B8A033580A10}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1658A67C-F196-4473-B714-833C168D4D8C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{173897D4-C01B-41B7-ACCA-A30686BBE02A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{17BCB87F-0DF4-4BC6-8860-4FAE1355F28A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{17CBB8DE-9AC8-4D6E-A92B-C2684BF856F5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{199917B5-88A1-459D-A779-27983A2F54EC}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1A102236-8781-456F-AE3E-EB438D8D8C06}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1A2F38E5-F481-441D-BEBB-8C3AC44AEE24}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1A85D8A4-C4DB-4060-8F63-33D2CC2A0284}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1B243000-EF9C-421C-BDA1-4F761726025B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1C01DD29-2639-4F16-9C77-8F8B719B1413}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1C3A65B5-8E55-4C78-9852-21AD832B4120}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1C459325-AFF3-42D8-B535-46DB31A40F39}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{1C5F25BA-BFF1-46A9-BC02-56774A4973CF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2048AF05-71C4-4311-AFA5-BB0A21B981E6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2163B279-6EAF-4A52-95B8-EFB47EBAF070}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{21954805-C0E0-4978-9ECE-83A20627CCC4}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{21EABC72-B199-4375-BA67-A3CFD109C301}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{21F659B3-E2D5-49C2-9291-D71E87AAB3CA}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{227F4F30-5A48-42F9-B1CE-6444D06F4F24}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{228406C6-FD2E-4011-81C5-604A4FEEAAF9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2298E504-7303-4E1D-90A8-6BECF6068920}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{22E370FF-1A5B-4246-82E9-B1DA00E17B9E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{23F72814-2EEB-4E2A-9262-4081A632D0A7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{26131EBD-8DE0-4521-A4C1-8E6C53B556B8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{26612F8B-0B44-4074-856C-94E361E9B8E5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{26D730FA-0BC0-4B50-BF5C-B9D1E307768B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{27E18C6E-A55A-45F6-A408-DF19D3A98160}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{27FD247B-C9C8-48FA-8C40-7678D045AF87}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{287F4783-F6DF-4B29-B76C-D14BBBADBA57}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{29CD900E-35F5-4793-9A26-F49EC0380ABB}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2A4C551A-5078-405C-948E-C485DAE434C3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2AA1B42F-C036-4DA4-99BD-BDE72DA90ABF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2B00E696-19A2-4A86-A58F-D474AB37C36F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2BE9FB8D-5D4B-4E88-9445-5E1C72C1F369}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2C98FC1D-66AF-4FEF-A5E6-F11DBFE3448C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2CC7F30A-2C01-4E69-B75B-B7A03329C390}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2CCE75F6-0B5A-45F2-AA53-6D15F071E0C9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2D0631A1-CCB7-4241-9DB4-0E8A7C627B86}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2EB58B1D-56D2-4A2B-B1E5-71F511F3AD56}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2EC8E759-90F2-4287-8C95-900C422B34D3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2F283E06-A078-41DF-B4E2-B016591B9C80}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2F57A137-6C6E-45F5-8EE0-60F9A2FA9C27}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2F6E79AF-3582-457F-9607-7DA895469D66}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{2FC7094D-BDDC-4DE4-A490-515426A0958B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3056D991-C44F-4CBF-BAFC-DC22F53B4C25}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{31827AD9-5841-4889-A49B-BCCD4DCE6346}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{31AD47FC-2DA7-4C0E-8C8F-12DEAA539313}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{31F15543-C325-4634-B62D-0F3A350AAB63}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{326379CB-9199-487C-9948-C8937B06D752}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{331C1E1C-AB1B-49AF-81B3-BB3A41B82D96}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3339C27B-36BF-4DB9-BEE6-A0BFE0C90B19}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3344505D-E163-45B8-981F-5B59170AA334}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{33765640-6572-4DFA-976A-C1A0FD556568}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{343F5539-3F00-490F-9655-18FCB7CAB6CE}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{35D2F4C4-C4B2-4F6E-9E24-C9118BF983FE}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{36485FF8-B735-42EC-B6C3-662879A292F7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{368A7D84-1AA2-4F01-A85F-18C7C1DF7B09}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{37420859-EA5D-4FBD-B46F-87AC2F9A6D23}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{37F9E6A2-3993-4A3E-82FD-B3379B1F4A00}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{38AA7CB2-9487-47CB-9FC9-9093713E2F33}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{38E65C26-A4F6-4315-B794-7FC52CD1D189}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{392E6790-711F-4F87-B6DB-F50EBDBB1729}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3A917AD3-9445-4437-8F4C-7EA802C9FC18}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3CCBB5F5-D7D0-434E-8CE9-7EE6BC029EB2}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3D9C891F-A9F4-47EA-A22C-51B7DCD7FE13}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3EB33283-E95D-4E53-A263-B2DB59F996F6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3ECCEAD8-6381-4ED5-ACF8-09591702F60D}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3F2C3E7A-12DB-41BC-A759-28DB6181FD40}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{3F4DE0DD-CE70-4C73-8DA1-BD02E139CE59}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4487DBC3-A5A0-4900-AE00-E7EB41735FE5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4501C518-5204-4899-8221-06D1D8475B54}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{45069C98-C343-45C6-90DB-459326C493D4}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{469F28EE-41F6-429A-B54D-9CE4F62E266D}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{47E53CAB-ECE9-47B8-A0C0-0E5BEF183A5A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{49785A61-9249-4AB1-8BFD-D5D8268B6B5F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4B76CAA5-AF85-4818-A184-684714FF490B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4CB2C292-7ACF-41AA-82ED-9DD62166EDFD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4F18CAD5-BBE7-4224-8697-4EF4DA6BC804}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4F269592-E8FE-4B15-B281-FF336645A97D}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{4F77605B-7616-4554-9D8C-45694227A529}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{51517736-EF07-4F8A-8762-D542D3B20F31}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{52FCCFDF-323C-4ED2-A3E0-92C64DAA033B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{534B60B2-274A-400A-822C-CEE1E5014D96}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{54238A95-EAB2-4B9C-94F6-3059216B1838}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{549F311C-6BBF-4047-8703-400697460804}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{54EE5F2D-8129-4747-B591-19AC63E36FFB}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{55102C74-3D08-4816-AB7B-B9E7957F1D65}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{557BD9D2-B957-4414-B6FF-AF6EF6B12727}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{572E91D9-47AF-4E76-9791-34E45F377C17}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{57A8DB90-894B-4E04-973B-E518AC247B62}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{57D0858A-F592-4852-8EAC-20E1307180CB}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{57FB3119-3285-4F49-818F-F84941FACEB1}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{588F62A6-6F71-428B-9719-A83C1C50AFF5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5A60CA6F-56A4-4A2C-A0FE-5637C3DCA62B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5C5F6F8B-D81B-4B7D-8C2C-D172DEEE3144}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5CA270DF-C8B8-4BF9-8ABF-8F35B8826823}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5CA74C5C-B1AE-4564-AE1C-310E38F7B58F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5DFC41EC-638D-48AE-9A69-03997749C7AF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5E0AF10B-E881-48DA-93BB-B2AC72B82D8C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{5ED2B759-CE2D-4074-9C55-9D630CCC05D7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{6062865B-EE62-4DFA-9470-6C26447CAD0B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{60C09F8B-75D7-4A2A-8904-17405F826183}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{61632505-63E3-4D19-90BC-9BB00D37436C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{6187EE05-EC9C-4723-93EE-B2330873B036}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{62D1E47B-CE57-4733-BEB4-C773FA5C7B0F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{64B02375-B800-428C-8B44-FAA0E64C2893}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{64C71F06-9493-4239-B58A-DBF13A7107C8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{64FA8848-4523-477C-83B7-BD0F2161CA9E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{66EF7401-0DBB-453B-A2FA-F0A61F3D1BAB}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{680562CE-AD76-470C-947C-04744C691E68}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{6B0179DE-AAFA-4B97-9BA2-7D1F2F16E58E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{6B8F0E15-6BE8-4C45-9696-7D156D3086FD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{6C7D6CA6-51E5-44A4-91F3-2A16561F9E32}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{6E6F8336-FA52-4710-A002-9E94A8FFDD65}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{702239D6-6BD5-4D93-963B-72B88B4D2268}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{70ADB69F-6A96-4254-9681-C4EBDCF89FCD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{72BA54A4-3EA1-493B-8915-33C3C21BA325}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{73EB38B4-77B7-4A82-B469-26C6F7107067}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{744A9256-2D5D-4E0D-83CF-98BA8829EB6D}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7457AE0F-C2FB-4DD4-B83F-920845A6B2E9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{746E032B-BA75-496E-B4D8-F9B4BD2CE500}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{76731263-CB6E-432D-B30C-764598725A54}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{76A3049E-0C55-4AA9-8965-F681FE8AFD23}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{776425E8-0AB9-4005-80F7-8ABD4BFDC324}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{787A7963-8B9C-4E3A-9E9C-33F962156E9F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{79C61B3E-680B-4B6A-B808-DB4349F2AFD1}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7A4BADD2-1B2A-45DB-9289-D604ADEAF0C5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7C5860EB-F7AD-424F-8F9A-706492275E69}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7C655C16-D61A-4D11-BDB3-A01A36ACC502}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7CEB0C85-0B70-46AB-A4AC-9C57CF929182}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7DE6D902-245E-43B6-BF63-2592B937D133}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7E072ABA-670B-4B65-8D2C-13986D7FA4B7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7F583669-F178-46A3-AB92-511D53E30E62}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7F75E6FD-FC93-4764-AE8D-5466A4B56693}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{7F872368-49B3-4517-B9B7-A8893E5FBA6D}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{80B1F182-3369-4AF1-9D04-EF501310D9EC}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{80CCB455-49ED-41AF-8448-F18B72277979}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{80D7FAE7-D35F-490D-B77E-7E16B5722151}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{80EBB6DF-D996-42F9-B765-B27DED9D4CA0}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{82E1F3D4-953A-4197-A3C4-69426D336CFC}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8335984E-4318-4B5A-A2D7-4476D3748F4B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8458B0E9-CF5B-4E63-BFF6-51DF6D132191}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{84F8C1B7-75BF-48FE-B4E9-60498BF2156B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8521FB36-A9D9-411B-926D-E3F0C1DB9CFB}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8862D304-30B4-47C7-8772-7DE7B2CB3FD6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{88B8EF6C-9855-488D-A911-2CBB34D83F38}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8A9E3C5B-C253-4A30-B1F6-829A83ED5FBD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8BF37A6D-0180-46ED-896A-D52C9046E81C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8C2D4EF9-DFF0-4DAB-85CF-86D489A9D2C9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8C8F0865-F945-4A49-B7AB-022DB3402A83}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8DFFA09C-51A6-4754-953B-442D18F51DA6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8E7ACBA0-CDFC-40A7-8018-2C913ACDE614}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8F162EA2-2E0F-4717-8F8B-0D2C35B721B9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8F3D89D7-1F34-43C4-8764-79689A9D4E77}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{8FF5BFCC-363E-4A37-AD62-3103D86B9369}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9054A3C2-3A20-43DB-B8BA-77EA4DDE5B9C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{907BBB32-C7B2-4E50-9FFF-09FE7EF56BDA}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{90B58099-81D9-42B8-B557-777742B61818}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{93D3E110-4DF6-43E7-B6C0-F30F5601CF69}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{95FBEB04-2168-457C-B9B0-72D47BED58D6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{972ABD58-F413-47D6-8C9E-28D31079CF47}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{973DA806-D630-41E6-A267-EF312CF90661}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{983F9582-2716-435A-855B-AF53C6210D90}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9B25F9DE-B310-454A-B3DC-D1236A711860}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9CA08A5B-95BD-4675-B540-A3C0BE1295B7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9DB39537-BC46-4435-8F60-B61290FAEFC3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9DF52DD3-E243-4B2D-9C59-F5851E0E1415}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9ED5BFED-C7BB-490C-B7B2-C2218B64B7F4}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{9FB5DD2A-FCC5-4827-8755-E5E39503A3D7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A0053FDD-9EC8-46C2-981A-05CF78F890B7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A25DDEEA-FA37-4C9A-8F30-6ACC50E76230}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A32B4ACB-48C6-4796-A14B-FDA49644F266}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A4CE0D03-A43E-4E84-AF4F-9EDC49179E5F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A4E53FD0-FFB1-4F15-9557-58777B968D37}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A4E66AD7-C146-4CDB-959F-6875313EA5E4}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A56B7727-A332-40A2-AC90-9DDD58820502}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A575C7FC-359F-4952-9749-44C7D3F4F514}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{A8036BE2-5AC0-45C2-B543-C21946615F41}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AA34C7E2-770D-49D9-BCFB-BF05335C679E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AB5F55A5-8BD0-4C81-8844-E61C4EE7D11E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AB7AD101-65E9-4A94-BC1B-4CF867E2D829}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AC66BD27-A4FF-403F-8A0D-06473EB27C42}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{ACE42313-A3D3-4068-A24E-1E27616EE473}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AD660CEA-ADA2-495E-8EA0-DA1C2B583E63}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AE94FE1C-AF44-4986-A8E5-E869E69CC0A9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AF71EFA5-9BAA-46F5-90EA-6F55B764CBF4}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AF7814A1-CAFF-4547-A502-2F901F1A4138}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{AF96669B-FBC6-4A7D-B777-C6DAF719F259}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B07A286F-2551-401B-9158-076D27C6FE56}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B0CA1CE4-8C72-4898-BA07-454ECD4FB579}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B129C0A3-3692-412B-8746-0EF26BA262D8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B198E357-834C-4B8D-9144-A2A85AFC3DC3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B230E136-48BF-4529-906E-C39AB2841F36}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B6674418-CEF2-4E85-8525-A13F5CC65763}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B6A19CDC-9E2A-405A-A9C8-86C0273851DE}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B70CB04A-5A16-46FE-942E-FF4CC901EE5E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B7165A74-0F07-45AB-9EF4-C24915CF3E0F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B7AAABC0-74C2-44C8-865B-DA8ADDAA91E7}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B92B9C67-7782-4F8C-8BE1-22BD836B2FB9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{B99BEAB4-4315-45F9-8085-CF35D7A61D1B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{BAAE7785-7C93-486B-B7FF-ADBC3AAC1A29}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{BC800D73-87D9-43B6-8D08-1F12C79D4508}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{BC8280B0-A1FF-4FD6-B073-055FDCBBC6EA}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{BC90A0E1-C760-421E-9FDB-7D19DFDDC9BD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C0748229-D805-493D-8911-405D0B36BC31}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C0B85D0A-267F-4A60-B326-B76700594C22}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C1D3DC26-5CA1-4EB4-87B0-156344187731}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C685B8CC-67B6-4403-871F-D17739B64398}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C6EDB21E-B985-4894-9155-BD53721E9ECD}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C89C055E-0CBD-42DB-B66E-ED1FD480F5CF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C8B76780-7FE0-4B12-B78E-23CD0BABA942}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C91B9460-4527-48F0-986C-303FCAEFAD80}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{C9DB6D58-821A-4568-8457-B782D56F20C8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CAD64F09-E560-4F79-A956-C73D0DB80D2F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CC0E005F-1AA8-44A3-A820-8EB1E7EFFE45}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CD0CB723-5FE5-4E1D-B5A7-26EA6C344F97}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CEABB302-964F-4240-9888-A2680C2496F5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CEC80F66-3834-4757-A867-4CE2E72BF635}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CF08E121-E484-4BFC-9B55-AFADC8D773E3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CFAD6D73-4482-4005-AFF3-EA596D3D774C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{CFD89F08-431C-4003-B6A6-8101D4B36D7F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D1567965-12BE-45FF-9945-F0B1A17F60E6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D24B22DD-ADC3-47E1-8FA8-6527B399DF9A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D2DCB869-2E41-448D-A4DD-0690C93FA624}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D3856021-281A-4AC2-BAD1-90205BFDCDD5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D4455A2A-C411-42A2-B0E2-821D24E4B559}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D4A6AED7-1E2C-4EB6-9FF8-334E881D8EB8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D5B04DC7-3692-42A6-8BB8-EF95EFD8EFEF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D62597E3-DE61-4DE2-BCAF-521DAB5D47E8}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D68880A6-9D8A-44A6-9184-172E889E2136}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D6A68533-33DA-4C47-B65E-E74E30622F75}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D76BA353-A456-4822-9EB5-6C636812DABF}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{D9CE4AD0-AB35-4C18-8A64-AD4CD2A7B5CE}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DA3F708D-2F2A-486D-936E-CC80F6F52E71}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DBD4D791-8765-42DA-A9AC-7F0F26BAD970}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DBDE21B1-74D0-4B96-A49A-A8070082C366}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DC5C8156-C201-4837-855A-58D7A5743912}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DCEAB2D0-87F4-4384-9CA2-287464C32156}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DD1FA0A2-8D18-42DB-8555-D5D74179C54A}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DDEAC8F8-C873-43B8-A0A7-630A51E46C75}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DE44FDB6-8274-468A-BF13-DDAC91F64B02}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{DFE20BDB-A941-44C9-9685-DCEDC053F257}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E16F9E9F-FC3B-4022-ABF5-ABA3164CA603}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E18FD15B-B215-417B-B7CF-370ADD96338E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E29CD09F-0220-4B47-B8F0-0EC8D75C8BEA}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E33677BF-37C3-4F34-A6AE-F99BD9F7AF0B}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E3B95950-C27C-43AB-AF59-ADBA7CF97079}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E49A872C-1093-4426-B441-FE9D785CB2BC}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E4D6D50B-5EF5-4561-8BE0-EB94EBC1D50C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E54CA9B3-F084-4EBF-876B-D71AECEBABEA}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E5A60F3E-E6EA-4806-853E-B54D6A4E316D}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E5B4EC33-6285-4B9F-8AC4-C790745C80EA}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E630674A-A479-4F90-93B8-8F7750D72875}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E761C705-FC9B-45F3-88D7-0B2047A4F606}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E8C45278-FA5A-4930-9353-B3C7293C86FE}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E9167B3B-51B5-4241-B84F-4487372F325F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{E92EB225-F27D-4CCF-B68F-DF21014437B9}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{EBD4405C-98A5-4BD3-B66A-805E65394C5C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{EC3A0CBD-6B4E-45AA-874C-ADD05C2434DB}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{EC63E2B7-A29F-47ED-9EF1-C89DB89C62C1}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{ED87F8EF-791C-4075-92E6-461869821041}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{EEC95F0B-6C25-4EFF-9A88-57C7A9DFEB75}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{F0D64F85-D3FC-4283-80BD-FD1D378094A3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{F21CD732-692A-49A9-8687-FE12C6342BF1}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{F4C2F7F8-5407-429F-B148-BE29098B458F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{F72444F2-DEA5-4C66-80EF-FBEAA1938CB0}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{F73E3400-0568-4B48-B378-AA7F83B93A53}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{F98EBD47-C4D8-4596-B0B6-8B56DF845E0E}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FA8CC632-B57A-4734-9CA6-786A6271B796}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FAFD9CBA-383B-43A2-9474-5E6839D33704}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FB2F26D0-61CB-42E2-8F5F-4A3765ABEEA3}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FC2EB7B5-06A0-4085-9879-594DFDE5E14F}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FCDFF507-CF4F-4B92-9DAA-DDA619EE039C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FD3FFEA0-C896-4514-BF8B-95B199ED19E5}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FD7E107D-33B9-4108-992F-C591E320E6A6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FE0D4562-9968-4C0F-B2D4-4D8E8E6F8C74}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FF9BD669-DC22-48F2-9289-33877FEDD6A6}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FFDDD573-8215-4030-99AD-C1B578048B7C}
Successfully deleted: [Empty Folder] C:\Users\**\appdata\local\{FFE35488-B77B-4BBA-AADB-54AFB8EBE505}
~~~ FireFox
Emptied folder: C:\Users\**\AppData\Roaming\mozilla\firefox\profiles\8x945ige.default\minidumps [87 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at 18:07:24,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by ** (administrator) on NOTEBOOK on 15-11-2013 17:10:02
Running from C:\Users\**\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) D:\PhotoshopElements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-11-13] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKCU\...\Run: [KSS] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-10-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKU\Präsentation\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\Präsentation\...\Run: [Akamai NetSession Interface] - C:\Users\Präsentation\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default
FF Homepage: www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus - C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\THOMAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor9.0; D:\PhotoshopElements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
==================== Drivers (Whitelisted) ====================
S1 acedrv07; C:\windows\system32\drivers\acedrv07.sys [125440 2012-08-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [746400 2008-07-07] (TechnoTrend AG)
S3 GT680x; System32\Drivers\gt680x.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-15 17:10 - 2013-11-15 17:10 - 00015299 _____ C:\Users\**\Desktop\FRST.txt
2013-11-15 17:09 - 2013-11-15 17:09 - 01957794 _____ (Farbar) C:\Users\**\Desktop\FRST64.exe
2013-11-15 07:18 - 2013-11-15 09:18 - 104371820 _____ C:\windows\SysWOW64\宾흯ང™
2013-11-14 18:11 - 2013-11-14 17:54 - 00001743 _____ C:\Users\**\Desktop\AdwCleaner[S0].txt
2013-11-14 18:07 - 2013-11-14 18:07 - 00035695 _____ C:\Users\**\Desktop\JRT.txt
2013-11-14 17:58 - 2013-11-14 17:58 - 00000000 ____D C:\windows\ERUNT
2013-11-14 17:57 - 2013-11-14 17:58 - 01034531 _____ (Thisisu) C:\Users\**\Downloads\JRT.exe
2013-11-14 17:55 - 2013-11-14 17:57 - 01034531 _____ (Thisisu) C:\Users\**\Desktop\JRT.exe
2013-11-14 17:47 - 2013-11-14 17:49 - 00000000 ____D C:\AdwCleaner
2013-11-14 17:46 - 2013-11-14 17:46 - 01085542 _____ C:\Users\**\Desktop\adwcleaner.exe
2013-11-14 17:45 - 2013-11-14 17:45 - 00016287 _____ C:\Users\**\Desktop\QiriZls0.htm
2013-11-14 09:56 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-14 09:56 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 09:56 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-14 09:56 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-14 09:56 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 03:09 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 03:09 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 03:09 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 03:09 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 03:09 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 03:09 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 03:09 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 03:09 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 03:09 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 03:09 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 16:03 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 16:03 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 16:03 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 16:03 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 16:03 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 16:03 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:03 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-13 16:03 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-13 16:03 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 16:02 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 16:02 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 16:02 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 16:02 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 16:02 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 16:02 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 16:02 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 16:02 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 16:02 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 16:02 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 16:02 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-13 16:02 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 16:02 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-13 16:02 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-13 16:02 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 16:02 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-13 15:49 - 2013-11-13 15:49 - 00018993 _____ C:\ComboFix.txt
2013-11-13 15:24 - 2013-11-13 15:49 - 00000000 ____D C:\Qoobox
2013-11-13 15:24 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-13 15:24 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-13 15:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-13 15:23 - 2013-11-13 15:48 - 00000000 ____D C:\windows\erdnt
2013-11-13 15:21 - 2013-11-13 15:22 - 05147957 ____R (Swearware) C:\Users\**\Desktop\ComboFix.exe
2013-11-12 14:37 - 2013-11-12 14:37 - 00000000 ____D C:\FRST
2013-11-09 18:39 - 2013-11-09 18:40 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
2013-11-09 18:36 - 2013-11-09 18:36 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu.exe
2013-11-09 16:35 - 2013-11-09 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-09 16:06 - 2013-11-09 16:06 - 00001077 _____ C:\Users\**\Desktop\Kaspersky Security Scan.lnk
2013-11-09 16:06 - 2013-11-09 16:06 - 00000000 ____D C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-09 16:03 - 2013-11-09 16:03 - 00179984 _____ (Kaspersky Lab) C:\Users\**\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-11-09 16:01 - 2013-11-09 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\**\Downloads\HiJackThis204(2).exe
2013-10-19 20:06 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbser.sys
2013-10-19 20:06 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-19 20:06 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-19 20:06 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-19 20:06 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-19 20:06 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-19 20:06 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-19 20:06 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-19 20:06 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-19 20:06 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-19 20:06 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-19 20:06 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-19 20:06 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-19 20:06 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-19 20:05 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-19 20:05 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-19 20:05 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-19 20:05 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-19 20:05 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-19 20:05 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-19 20:05 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-19 20:05 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-19 20:05 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-19 20:05 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-19 20:05 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-19 20:05 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-19 20:05 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-19 20:05 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-19 20:05 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-19 20:05 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-19 20:05 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-19 20:05 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-19 20:05 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-19 20:05 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-19 20:05 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-19 20:05 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:05 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:05 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-19 20:05 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-19 20:05 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-19 20:05 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-19 20:05 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-19 20:05 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-19 20:05 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-19 20:05 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-19 20:05 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-19 20:05 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
==================== One Month Modified Files and Folders =======
2013-11-15 17:10 - 2013-11-15 17:10 - 00015299 _____ C:\Users\**\Desktop\FRST.txt
2013-11-15 17:09 - 2013-11-15 17:09 - 01957794 _____ (Farbar) C:\Users\**\Desktop\FRST64.exe
2013-11-15 17:07 - 2012-05-12 21:13 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 17:00 - 2011-01-18 21:18 - 01934233 _____ C:\windows\WindowsUpdate.log
2013-11-15 16:54 - 2011-08-14 22:02 - 00001128 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 16:12 - 2011-08-14 22:02 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 09:18 - 2013-11-15 07:18 - 104371820 _____ C:\windows\SysWOW64\宾흯ང™
2013-11-15 03:23 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 03:23 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 03:17 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-15 03:17 - 2009-07-14 05:51 - 00098775 _____ C:\windows\setupact.log
2013-11-14 22:35 - 2010-12-10 01:16 - 00656746 _____ C:\windows\system32\perfh007.dat
2013-11-14 22:35 - 2010-12-10 01:16 - 00131088 _____ C:\windows\system32\perfc007.dat
2013-11-14 22:35 - 2009-07-14 06:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-14 18:07 - 2013-11-14 18:07 - 00035695 _____ C:\Users\**\Desktop\JRT.txt
2013-11-14 17:58 - 2013-11-14 17:58 - 00000000 ____D C:\windows\ERUNT
2013-11-14 17:58 - 2013-11-14 17:57 - 01034531 _____ (Thisisu) C:\Users\**\Downloads\JRT.exe
2013-11-14 17:57 - 2013-11-14 17:55 - 01034531 _____ (Thisisu) C:\Users\**\Desktop\JRT.exe
2013-11-14 17:54 - 2013-11-14 18:11 - 00001743 _____ C:\Users\**\Desktop\AdwCleaner[S0].txt
2013-11-14 17:49 - 2013-11-14 17:47 - 00000000 ____D C:\AdwCleaner
2013-11-14 17:46 - 2013-11-14 17:46 - 01085542 _____ C:\Users\**\Desktop\adwcleaner.exe
2013-11-14 17:46 - 2012-05-05 21:40 - 00000000 ____D C:\Users\**\AppData\Roaming\QuickScan
2013-11-14 17:45 - 2013-11-14 17:45 - 00016287 _____ C:\Users\**\Desktop\QiriZls0.htm
2013-11-14 04:05 - 2011-05-08 02:28 - 00000000 ____D C:\windows\rescache
2013-11-14 03:08 - 2013-08-26 22:58 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 03:00 - 2011-05-07 19:25 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-13 15:49 - 2013-11-13 15:49 - 00018993 _____ C:\ComboFix.txt
2013-11-13 15:49 - 2013-11-13 15:24 - 00000000 ____D C:\Qoobox
2013-11-13 15:49 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-13 15:48 - 2013-11-13 15:23 - 00000000 ____D C:\windows\erdnt
2013-11-13 15:44 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2013-11-13 15:43 - 2011-05-08 02:23 - 00389074 _____ C:\windows\PFRO.log
2013-11-13 15:42 - 2009-07-14 03:34 - 77332480 _____ C:\windows\system32\config\SOFTWARE.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 20971520 _____ C:\windows\system32\config\SYSTEM.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 01048576 _____ C:\windows\system32\config\DEFAULT.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\SAM.bak
2013-11-13 15:22 - 2013-11-13 15:21 - 05147957 ____R (Swearware) C:\Users\**\Desktop\ComboFix.exe
2013-11-12 14:37 - 2013-11-12 14:37 - 00000000 ____D C:\FRST
2013-11-12 13:14 - 2012-05-05 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 03:11 - 2012-10-21 20:58 - 00000000 ____D C:\Users\**\AppData\Roaming\Spotify
2013-11-11 15:26 - 2012-10-21 20:59 - 00000000 ____D C:\Users\**\AppData\Local\Spotify
2013-11-10 14:56 - 2011-05-17 17:23 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-11-10 14:56 - 2011-05-12 20:06 - 00000000 ____D C:\Users\**\AppData\Roaming\ICQ
2013-11-10 14:55 - 2011-10-23 21:45 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-09 18:40 - 2013-11-09 18:39 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
2013-11-09 18:38 - 2013-11-09 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-09 18:36 - 2013-11-09 18:36 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu.exe
2013-11-09 16:06 - 2013-11-09 16:06 - 00001077 _____ C:\Users\**\Desktop\Kaspersky Security Scan.lnk
2013-11-09 16:06 - 2013-11-09 16:06 - 00000000 ____D C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-09 16:03 - 2013-11-09 16:03 - 00179984 _____ (Kaspersky Lab) C:\Users\**\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-11-09 16:01 - 2013-11-09 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\**\Downloads\HiJackThis204(2).exe
2013-11-09 16:01 - 2013-04-08 20:27 - 00010780 _____ C:\Users\**\Downloads\hijackthis.log
2013-10-20 16:27 - 2011-05-07 20:31 - 00000000 ____D C:\Users\**\AppData\Local\Mozilla
2013-10-20 15:59 - 2009-07-14 05:45 - 00300480 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-20 15:55 - 2013-04-01 00:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-20 15:50 - 2013-04-01 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-20 15:32 - 2013-09-26 18:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-19 21:07 - 2012-05-12 21:13 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-19 21:07 - 2012-05-12 21:12 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-19 21:07 - 2011-06-30 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-19 20:11 - 2013-09-28 12:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 19:49 - 2011-08-14 22:02 - 00004124 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-19 19:49 - 2011-08-14 22:02 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-19 00:38 - 2012-08-05 04:40 - 00394626 _____ C:\temp.raw
Files to move or delete:
====================
C:\Users\**\lame.exe
C:\Users\**\lame_enc.dll
Some content of TEMP:
====================
C:\Users\**\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-11 05:32
==================== End Of Log ============================
--- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by ** at 2013-11-15 17:10:57
Running from C:\Users\**\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)
Akamai NetSession Interface Service (x32)
Amazon MP3-Downloader 1.0.9 (x32)
ANSTOSS 2007 (Version 7.1.0.5) (x32 Version: 7.1.0.5)
ANSTOSS 3 (x32)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.1.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Audacity 1.2.6 (x32)
Avira Antivirus Premium (x32 Version: 13.0.0.4052)
BearPaw 1200CU Plus v1.0 (x32)
Birth of the Federation (x32)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
calibre 64bit (Version: 0.9.25)
Call of Duty - United Offensive (x32 Version: 1.00.0000)
Call of Duty (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180)
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180)
CCC Help Czech (x32 Version: 2010.0805.0357.5180)
CCC Help Danish (x32 Version: 2010.0805.0357.5180)
CCC Help Dutch (x32 Version: 2010.0805.0357.5180)
CCC Help English (x32 Version: 2010.0805.0357.5180)
CCC Help Finnish (x32 Version: 2010.0805.0357.5180)
CCC Help French (x32 Version: 2010.0805.0357.5180)
CCC Help German (x32 Version: 2010.0805.0357.5180)
CCC Help Greek (x32 Version: 2010.0805.0357.5180)
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180)
CCC Help Italian (x32 Version: 2010.0805.0357.5180)
CCC Help Japanese (x32 Version: 2010.0805.0357.5180)
CCC Help Korean (x32 Version: 2010.0805.0357.5180)
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180)
CCC Help Polish (x32 Version: 2010.0805.0357.5180)
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180)
CCC Help Russian (x32 Version: 2010.0805.0357.5180)
CCC Help Spanish (x32 Version: 2010.0805.0357.5180)
CCC Help Swedish (x32 Version: 2010.0805.0357.5180)
CCC Help Thai (x32 Version: 2010.0805.0357.5180)
CCC Help Turkish (x32 Version: 2010.0805.0357.5180)
ccc-core-static (x32 Version: 2010.0805.358.5180)
ccc-utility64 (Version: 2010.0805.358.5180)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Corel Home Office - CS Templates (x32 Version: 5.6.5)
Corel Home Office - CT Templates (x32 Version: 5.6.5)
Corel Home Office - IPM (x32 Version: 5.6.5)
Corel Home Office - JP Templates (x32 Version: 5.6.5)
Corel Home Office - KR Templates (x32 Version: 5.6.5)
Corel Home Office - Launcher (x32 Version: 5.6.5)
Corel Home Office - Templates RU (x32 Version: 5.6.5)
Corel Home Office - Templates1 (x32 Version: 5.6.5)
Corel Home Office (x32 Version: 5.0.87.621)
Corel Home Office (x32 Version: 5.6.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DHTML Editing Component (x32 Version: 6.02.0001)
Earth 2160 (x32)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESET Online Scanner v3 (x32)
Europa Universalis III (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
FTL: Faster Than Light (x32)
Galactic Civilizations I: Ultimate Edition (x32)
Garmin Training Center (x32 Version: 3.4.5)
Garmin USB Drivers (x32 Version: 2.3.0.0)
GOG.com Planescape Torment
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Gothic 2 Gold (x32 Version: 1.0.0)
Hearts of Iron III (x32)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.5.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Product Detection (x32 Version: 10.7.9.0)
HP Setup (x32 Version: 8.5.4371.3505)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.1.13.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.25.0)
HP Wireless Assistant (Version: 4.0.6.0)
ICQ 7.7 Build #6547 Banner Remover 1.0 (x32)
ICQ7.7 (x32 Version: 7.7)
IDT Audio (x32 Version: 1.0.6300.0)
Jagged Alliance 2 - Wildfire (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Security Scan (x32 Version: 12.0.1.340)
KKND2 Krossfire (x32 Version: 2.0.0.7)
Leviathan: Warships (x32)
LightScribe System Software (x32 Version: 1.18.22.2)
LSI HDA Modem (Version: 2.2.98)
Making History: The Calm & The Storm (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (Version: 1.6.6.6957)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.45.0)
Nokia Ovi Suite (x32 Version: 3.1.1.90)
Nokia Ovi Suite Software Updater (x32 Version: 02.07.004.45780)
Norton Online Backup (x32 Version: 2.0.0.34)
NVIDIA PhysX (x32 Version: 9.10.0222)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.00 (x32 Version: 12.00.1467)
Ovi Desktop Sync Engine (x32 Version: 1.5.266.0)
OviMPlatform (x32 Version: 2.7.72.0)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (x32 Version: 11.4.21.0)
PDF Complete Special Edition (x32 Version: 4.0.64)
Planescape Torment (x32 Version: 2.0.0.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
R.U.S.E (x32)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0)
Robin Hood (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio Creator Audio (x32 Version: 3.8.0)
Roxio Creator Business (x32 Version: 10.3.56.21)
Roxio Creator Business v10 (x32 Version: 3.8.0)
Roxio Creator Copy (x32 Version: 3.8.0)
Roxio Creator Data (x32 Version: 3.8.0)
Roxio Creator Tools (x32 Version: 3.8.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Safari (x32 Version: 5.34.57.2)
Sid Meier's Civilization V (x32)
SportTracks 2.1 (x32 Version: 2.1.3478)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Star Wars: Knights of the Old Republic (x32)
Steam (x32 Version: 1.0.0.0)
SymSilent (x32)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Turbo Lister 2 (x32 Version: 2.00.0000)
Ubuntu (x32 Version: 12.10-rev273)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Uplink (x32)
USB2.0 UVC 1.3M WebCam (x32 Version: 6.1.7600.0049)
VLC media player 2.0.6 (Version: 2.0.6)
Windows 7 Default Setting (x32 Version: 1.0.1.7)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinZip 14.5 (x32 Version: 14.5.9095)
==================== Restore Points =========================
15-11-2013 02:53:57 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1331D776-F82A-497C-A715-5A445B667E3A} - System32\Tasks\{446A4079-CD1A-4C2B-8804-6991F040C60B} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {1A95656B-2DD3-4953-8E7C-6B850D43DA48} - System32\Tasks\AdobeAAMUpdater-1.0-Notebook-** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {2491F0CA-34A8-4A5B-9790-B83F8C0F9D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {2A662C67-5C2C-4D24-91F2-41CB17D86870} - System32\Tasks\{B4CF0EF0-E790-4843-84E2-8FEF16F9E8FC} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {2FF2C6DF-F3AE-4632-90B8-05A1D617898B} - System32\Tasks\{299A06CD-D1FD-47DE-91C5-8DDBD6A8A2C0} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {34DD88D0-EA2D-49A8-A6FE-E28AE34B4B4F} - System32\Tasks\{432ADFD2-7C44-426B-ACB6-618817A5EC43} => C:\Program Files (x86)\ASCARON Entertainment\Anstoss 3\anstoss3.exe [2003-07-02] (ASCARON Software GmbH)
Task: {36FFC33D-D230-4581-B8B0-670368D03DD2} - System32\Tasks\{B4F40616-EBCA-492F-AB15-AD1BF0E473E7} => G:\Autorun.exe
Task: {3F790A0D-E446-4585-951A-E46F2DDE8CBD} - System32\Tasks\{D982940F-A6AE-410F-8751-377642DE442B} => G:\Run.EXE
Task: {40AB9C2A-FBDF-4E59-8C63-C31697F7E0BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DBFA6E7-6C0A-4433-BEFB-AC6A40805E9F} - System32\Tasks\{F149C798-3633-4502-9C1A-49ADE59F16F7} => C:\Program Files (x86)\ASCARON Entertainment\Anstoss 3\anstoss3.exe [2003-07-02] (ASCARON Software GmbH)
Task: {5A094BF3-DA5A-4461-B37A-5D6DD291EF36} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {793173F8-A379-4DA4-9595-23C0052052C6} - System32\Tasks\{584911E0-3058-4970-85CB-417B7D3D4D67} => G:\Autorun.exe
Task: {7F05D3C6-8FDB-44BC-9A7A-D835B124F008} - System32\Tasks\{9E535AC0-2FE0-40AA-88CA-A1A8E2A3932D} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {8085563E-707F-486B-841D-7BD7273A840B} - System32\Tasks\{A8D7645B-2A28-416A-8DEF-921695206A06} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {86AB55B5-4A42-46AB-9C9B-2B1727BF8AB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {884260F4-AE00-457E-B02A-FF6B3FD10A80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {90266ED1-80BF-4939-B6CA-99FA8D41B03E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {91317E14-35F7-4AAF-9960-2904BED5BE2A} - System32\Tasks\{9DDA7528-4526-416A-9317-032E0B446969} => G:\Autorun.exe
Task: {9819D256-E3EF-496B-9BEC-FC7CF9E1A005} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19] (Adobe Systems Incorporated)
Task: {983F3CA3-E63E-45D8-923A-A6547F421F05} - System32\Tasks\{62433C29-8D20-49C1-9830-ACB97E63F946} => C:\Users\**\Downloads\Web.EXE [2013-01-20] ()
Task: {9CADA944-05B9-451E-89CD-BE22609B3A6F} - System32\Tasks\{9B6198CF-46CF-45A9-AB27-9F2F8BAA4A62} => G:\Autorun.exe
Task: {A5B62E9D-1961-407C-8C12-FA8E3775C497} - System32\Tasks\{BDA512CD-3728-44E8-865B-C97995F96098} => G:\Autorun.exe
Task: {AC643865-7BED-4948-B9B1-97E978C31324} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {B1C9E923-66F4-4033-9146-7A9D5F2EBF61} - System32\Tasks\{A87CE0E8-714E-466E-B4E7-C55C3FB27DE2} => G:\Autorun.exe
Task: {C1307FBF-DBF5-4F0F-A5AD-E464F2BD93E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D15EC214-5828-4FD7-BFF3-B76727221EB7} - System32\Tasks\{CB832584-F699-4A60-A1C0-376330FCCA89} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {D5632BA9-3FF5-4CB2-B81F-A8FCD94E986F} - System32\Tasks\{9661DF42-723F-499E-8186-A67E13E865F1} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {D814E471-E3C4-486B-9FFB-CD4997F48C40} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {D909A142-B583-445F-948C-3E034926785B} - System32\Tasks\{40DA9DB5-DB69-4E0E-AB48-7FC989FE0590} => G:\Run.EXE
Task: {DDF7196C-2EAA-492A-B640-FDBB4897091A} - System32\Tasks\{4CD4C0B0-E449-42D7-8847-5774944477A2} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {E755E7B3-C7AD-4582-A399-D442BBD0E932} - System32\Tasks\{2D54BE24-AA8C-4158-9D0A-871EF4DEB6FE} => C:\Users\**\Downloads\Web.EXE [2013-01-20] ()
Task: {EB6E65A6-D1FD-4882-A9BA-E08E9198F83E} - System32\Tasks\{BE5444FF-31A1-4CF8-9C1D-BB74BBB7F571} => G:\Run.EXE
Task: {F0840821-EF33-4E02-BF0D-C366D1E6B956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {F5165A04-A9DD-4DEA-B93C-3C08F919C1D4} - System32\Tasks\{67695EDE-9506-4C3F-9DBF-C9E574D121BA} => G:\Autorun.exe
Task: {FD061F33-92F9-40D6-98A6-A96DC249192F} - System32\Tasks\{B644EF79-BE31-4397-A884-07B08E06D6C3} => G:\Run.EXE
Task: {FD881D04-07F6-4BAE-BBB8-9DD07D49CFE6} - System32\Tasks\{2DB988D8-23A1-43C7-8DF8-C6BA3D88A02B} => C:\Users\**\Downloads\web(1).exe [2013-01-20] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-07-30 04:39 - 2010-07-30 04:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-04-13 01:59 - 2010-04-13 01:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-05 12:57 - 2010-08-05 12:57 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2012-12-01 15:49 - 2012-12-01 15:41 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/15/2013 05:09:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 05:09:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 00:33:23 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 00:32:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (11/15/2013 03:17:56 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/15/2013 03:17:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/14/2013 10:30:41 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/14/2013 10:29:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/14/2013 06:47:32 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ELMOS_PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B6191BF7-035A-4DDF-8874-F82B8BC6681C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (11/15/2013 05:09:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_deu.exe
Error: (11/15/2013 05:09:37 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
Error: (11/15/2013 00:33:23 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/15/2013 00:32:55 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
CodeIntegrity Errors:
===================================
Date: 2013-11-15 03:17:12.355
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-15 03:17:11.794
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 22:29:15.638
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 22:29:15.045
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 17:51:10.308
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 17:51:09.747
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 03:27:36.074
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 03:27:35.513
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-13 15:57:20.762
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-13 15:57:20.185
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 3836.56 MB
Available physical RAM: 2182.11 MB
Total Pagefile: 7671.3 MB
Available Pagefile: 5444.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:152.35 GB) (Free:54.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Volume) (Fixed) (Total:128.44 GB) (Free:28.18 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CFA7A8FA)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=300 MB) - (Type=42)
Partition 3: (Not Active) - (Size=152 GB) - (Type=42)
Partition 4: (Not Active) - (Size=145 GB) - (Type=42)
==================== End Of Log ============================
|
|
16.11.2013, 12:19
| #10 |
| /// the machine /// TB-Ausbilder | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A"ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.11.2013, 18:43
| #11 |
| | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hi schrauber, hier die Logs: Eset findet nur noch die Installationsdatei vom ICQ Banner Remover - soll ich den Download-Ordner einfach löschen, damit das auch weg ist? (Am Anfang stehen offenbar die früheren Scan-Ergebnisse.) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97775de5363cdf489bb392ebd571b13d
# engine=15820
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-10 02:20:12
# local_time=2013-11-10 03:20:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 113965 135723062 0 0
# scanned=39396
# found=0
# cleaned=0
# scan_time=74250
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97775de5363cdf489bb392ebd571b13d
# engine=15826
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-10 04:55:01
# local_time=2013-11-10 05:55:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 123254 135732351 0 0
# scanned=35593
# found=0
# cleaned=0
# scan_time=9093
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97775de5363cdf489bb392ebd571b13d
# engine=15826
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-10 09:21:38
# local_time=2013-11-10 10:21:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 139251 135748348 0 0
# scanned=199460
# found=2
# cleaned=0
# scan_time=15895
sh=823F2CEB59C0D4B65100794C48BF73630AFEA6EE ft=1 fh=de19e72c36c6fde8 vn="Variante von Win32/DownloadSponsor.A Anwendung" ac=I fn="C:\Users\**\AppData\Local\Temp\OCS\ocs_v6.exe"
sh=532D94B32FD0CB0AB49CCD1C9A684651A368762B ft=1 fh=77b6701407383e8e vn="Variante von Win32/DownloadSponsor.A Anwendung" ac=I fn="C:\Users\**\Downloads\ICQ_7.7_Build__6547_Banner_Remover_1.0_Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97775de5363cdf489bb392ebd571b13d
# engine=15829
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-11 04:04:34
# local_time=2013-11-11 05:04:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 163427 135772524 0 0
# scanned=332297
# found=2
# cleaned=0
# scan_time=24020
sh=823F2CEB59C0D4B65100794C48BF73630AFEA6EE ft=1 fh=de19e72c36c6fde8 vn="Variante von Win32/DownloadSponsor.A Anwendung" ac=I fn="C:\Users\**\AppData\Local\Temp\OCS\ocs_v6.exe"
sh=532D94B32FD0CB0AB49CCD1C9A684651A368762B ft=1 fh=77b6701407383e8e vn="Variante von Win32/DownloadSponsor.A Anwendung" ac=I fn="C:\Users\**\Downloads\ICQ_7.7_Build__6547_Banner_Remover_1.0_Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97775de5363cdf489bb392ebd571b13d
# engine=15910
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-16 05:23:41
# local_time=2013-11-16 06:23:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 12375 136252471 0 0
# scanned=317028
# found=1
# cleaned=0
# scan_time=11687
sh=532D94B32FD0CB0AB49CCD1C9A684651A368762B ft=1 fh=77b6701407383e8e vn="a variant of Win32/DownloadSponsor.A application" ac=I fn="C:\Users\**\Downloads\ICQ_7.7_Build__6547_Banner_Remover_1.0_Setup.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (25.0) Mozilla Thunderbird (17.0.8) Google Chrome 29.0.1547.76 Google Chrome 30.0.1599.101 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by ** (administrator) on NOTEBOOK on 16-11-2013 18:33:36
Running from C:\Users\**\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) D:\PhotoshopElements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-11-13] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKCU\...\Run: [KSS] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKU\Präsentation\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\Präsentation\...\Run: [Akamai NetSession Interface] - C:\Users\Präsentation\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
Startup: C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {F9A0E60D-A3FA-4869-9472-C1CCA6CE3F8E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default
FF Homepage: www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Adblock Plus - C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\8x945ige.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\THOMAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor9.0; D:\PhotoshopElements\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-18] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]
==================== Drivers (Whitelisted) ====================
S1 acedrv07; C:\windows\system32\drivers\acedrv07.sys [125440 2012-08-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [746400 2008-07-07] (TechnoTrend AG)
S3 GT680x; System32\Drivers\gt680x.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-16 18:33 - 2013-11-16 18:34 - 00015048 _____ C:\Users\**\Desktop\FRST.txt
2013-11-16 18:32 - 2013-11-16 18:32 - 00000885 _____ C:\Users\**\Desktop\checkup.txt
2013-11-16 18:29 - 2013-11-16 18:29 - 00891184 _____ C:\Users\**\Desktop\SecurityCheck.exe
2013-11-16 16:46 - 2013-11-16 16:46 - 104559818 _____ C:\windows\SysWOW64\蠤ང‡
2013-11-16 15:01 - 2013-11-16 15:01 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_enu.exe
2013-11-15 17:09 - 2013-11-15 17:09 - 01957794 _____ (Farbar) C:\Users\**\Desktop\FRST64.exe
2013-11-15 17:00 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-11-15 17:00 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-11-15 17:00 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-11-15 17:00 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-11-15 17:00 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-11-15 17:00 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-11-15 17:00 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-11-14 18:11 - 2013-11-14 17:54 - 00001743 _____ C:\Users\**\Desktop\AdwCleaner[S0].txt
2013-11-14 18:07 - 2013-11-14 18:07 - 00035695 _____ C:\Users\**\Desktop\JRT.txt
2013-11-14 17:58 - 2013-11-14 17:58 - 00000000 ____D C:\windows\ERUNT
2013-11-14 17:57 - 2013-11-14 17:58 - 01034531 _____ (Thisisu) C:\Users\**\Downloads\JRT.exe
2013-11-14 17:55 - 2013-11-14 17:57 - 01034531 _____ (Thisisu) C:\Users\**\Desktop\JRT.exe
2013-11-14 17:47 - 2013-11-14 17:49 - 00000000 ____D C:\AdwCleaner
2013-11-14 17:46 - 2013-11-14 17:46 - 01085542 _____ C:\Users\**\Desktop\adwcleaner.exe
2013-11-14 17:45 - 2013-11-14 17:45 - 00016287 _____ C:\Users\**\Desktop\QiriZls0.htm
2013-11-14 09:56 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-14 09:56 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 09:56 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-14 09:56 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-14 09:56 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 03:09 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 03:09 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 03:09 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 03:09 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 03:09 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 03:09 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 03:09 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 03:09 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 03:09 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 03:09 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 03:09 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 03:09 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 16:03 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 16:03 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 16:03 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 16:03 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 16:03 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 16:03 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:03 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-13 16:03 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-13 16:03 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 16:02 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 16:02 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 16:02 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 16:02 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 16:02 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 16:02 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 16:02 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 16:02 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 16:02 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 16:02 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 16:02 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-13 16:02 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 16:02 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-13 16:02 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-13 16:02 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 16:02 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-13 15:49 - 2013-11-13 15:49 - 00018993 _____ C:\ComboFix.txt
2013-11-13 15:24 - 2013-11-13 15:49 - 00000000 ____D C:\Qoobox
2013-11-13 15:24 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-13 15:24 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-13 15:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-13 15:24 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-13 15:23 - 2013-11-13 15:48 - 00000000 ____D C:\windows\erdnt
2013-11-13 15:21 - 2013-11-13 15:22 - 05147957 ____R (Swearware) C:\Users\**\Desktop\ComboFix.exe
2013-11-12 14:37 - 2013-11-12 14:37 - 00000000 ____D C:\FRST
2013-11-09 18:39 - 2013-11-09 18:40 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
2013-11-09 18:36 - 2013-11-09 18:36 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu.exe
2013-11-09 16:35 - 2013-11-16 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-09 16:06 - 2013-11-09 16:06 - 00001077 _____ C:\Users\**\Desktop\Kaspersky Security Scan.lnk
2013-11-09 16:06 - 2013-11-09 16:06 - 00000000 ____D C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-09 16:03 - 2013-11-09 16:03 - 00179984 _____ (Kaspersky Lab) C:\Users\**\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-11-09 16:01 - 2013-11-09 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\**\Downloads\HiJackThis204(2).exe
2013-10-19 20:06 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbser.sys
2013-10-19 20:06 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-19 20:06 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-19 20:06 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-19 20:06 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-19 20:06 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-19 20:06 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-19 20:06 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-19 20:06 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-19 20:06 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-19 20:06 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-19 20:06 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-19 20:06 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-19 20:06 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-19 20:05 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-19 20:05 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-19 20:05 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-19 20:05 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-19 20:05 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-19 20:05 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-19 20:05 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-19 20:05 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-19 20:05 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-19 20:05 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-19 20:05 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-19 20:05 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-19 20:05 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-19 20:05 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-19 20:05 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-19 20:05 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-19 20:05 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-19 20:05 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-19 20:05 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-19 20:05 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-19 20:05 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-19 20:05 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:05 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:05 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-19 20:05 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-19 20:05 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-19 20:05 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-19 20:05 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-19 20:05 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-19 20:05 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-19 20:05 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-19 20:05 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-19 20:05 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
==================== One Month Modified Files and Folders =======
2013-11-16 18:34 - 2013-11-16 18:33 - 00015048 _____ C:\Users\**\Desktop\FRST.txt
2013-11-16 18:33 - 2011-01-18 21:18 - 02045999 _____ C:\windows\WindowsUpdate.log
2013-11-16 18:32 - 2013-11-16 18:32 - 00000885 _____ C:\Users\**\Desktop\checkup.txt
2013-11-16 18:29 - 2013-11-16 18:29 - 00891184 _____ C:\Users\**\Desktop\SecurityCheck.exe
2013-11-16 18:07 - 2012-05-12 21:13 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 17:54 - 2011-08-14 22:02 - 00001128 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 16:46 - 2013-11-16 16:46 - 104559818 _____ C:\windows\SysWOW64\蠤ང‡
2013-11-16 15:12 - 2013-11-09 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 15:01 - 2013-11-16 15:01 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_enu.exe
2013-11-16 15:01 - 2011-05-14 18:43 - 00000000 ____D C:\Users\**\AppData\Local\Adobe
2013-11-16 14:58 - 2012-05-12 21:13 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-16 14:57 - 2012-05-12 21:12 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-16 14:57 - 2011-06-30 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 14:57 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 14:57 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 14:55 - 2011-08-14 22:02 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 14:48 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-16 14:48 - 2009-07-14 05:51 - 00098887 _____ C:\windows\setupact.log
2013-11-15 17:09 - 2013-11-15 17:09 - 01957794 _____ (Farbar) C:\Users\**\Desktop\FRST64.exe
2013-11-14 22:35 - 2010-12-10 01:16 - 00656746 _____ C:\windows\system32\perfh007.dat
2013-11-14 22:35 - 2010-12-10 01:16 - 00131088 _____ C:\windows\system32\perfc007.dat
2013-11-14 22:35 - 2009-07-14 06:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-14 18:07 - 2013-11-14 18:07 - 00035695 _____ C:\Users\**\Desktop\JRT.txt
2013-11-14 17:58 - 2013-11-14 17:58 - 00000000 ____D C:\windows\ERUNT
2013-11-14 17:58 - 2013-11-14 17:57 - 01034531 _____ (Thisisu) C:\Users\**\Downloads\JRT.exe
2013-11-14 17:57 - 2013-11-14 17:55 - 01034531 _____ (Thisisu) C:\Users\**\Desktop\JRT.exe
2013-11-14 17:54 - 2013-11-14 18:11 - 00001743 _____ C:\Users\**\Desktop\AdwCleaner[S0].txt
2013-11-14 17:49 - 2013-11-14 17:47 - 00000000 ____D C:\AdwCleaner
2013-11-14 17:46 - 2013-11-14 17:46 - 01085542 _____ C:\Users\**\Desktop\adwcleaner.exe
2013-11-14 17:46 - 2012-05-05 21:40 - 00000000 ____D C:\Users\**\AppData\Roaming\QuickScan
2013-11-14 17:45 - 2013-11-14 17:45 - 00016287 _____ C:\Users\**\Desktop\QiriZls0.htm
2013-11-14 04:05 - 2011-05-08 02:28 - 00000000 ____D C:\windows\rescache
2013-11-14 03:08 - 2013-08-26 22:58 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 03:00 - 2011-05-07 19:25 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-13 15:49 - 2013-11-13 15:49 - 00018993 _____ C:\ComboFix.txt
2013-11-13 15:49 - 2013-11-13 15:24 - 00000000 ____D C:\Qoobox
2013-11-13 15:49 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-13 15:48 - 2013-11-13 15:23 - 00000000 ____D C:\windows\erdnt
2013-11-13 15:44 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2013-11-13 15:43 - 2011-05-08 02:23 - 00389074 _____ C:\windows\PFRO.log
2013-11-13 15:42 - 2009-07-14 03:34 - 77332480 _____ C:\windows\system32\config\SOFTWARE.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 20971520 _____ C:\windows\system32\config\SYSTEM.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 01048576 _____ C:\windows\system32\config\DEFAULT.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2013-11-13 15:42 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\SAM.bak
2013-11-13 15:22 - 2013-11-13 15:21 - 05147957 ____R (Swearware) C:\Users\**\Desktop\ComboFix.exe
2013-11-12 14:37 - 2013-11-12 14:37 - 00000000 ____D C:\FRST
2013-11-12 13:14 - 2012-05-05 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-12 03:11 - 2012-10-21 20:58 - 00000000 ____D C:\Users\**\AppData\Roaming\Spotify
2013-11-11 15:26 - 2012-10-21 20:59 - 00000000 ____D C:\Users\**\AppData\Local\Spotify
2013-11-10 14:56 - 2011-05-17 17:23 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-11-10 14:56 - 2011-05-12 20:06 - 00000000 ____D C:\Users\**\AppData\Roaming\ICQ
2013-11-10 14:55 - 2011-10-23 21:45 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-09 18:40 - 2013-11-09 18:39 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
2013-11-09 18:36 - 2013-11-09 18:36 - 02347384 _____ (ESET) C:\Users\**\Downloads\esetsmartinstaller_deu.exe
2013-11-09 16:06 - 2013-11-09 16:06 - 00001077 _____ C:\Users\**\Desktop\Kaspersky Security Scan.lnk
2013-11-09 16:06 - 2013-11-09 16:06 - 00000000 ____D C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-09 16:03 - 2013-11-09 16:03 - 00179984 _____ (Kaspersky Lab) C:\Users\**\Downloads\kss12.0.1.117mlg_en-de_ru-de_fr-de_de-de.exe
2013-11-09 16:01 - 2013-11-09 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\**\Downloads\HiJackThis204(2).exe
2013-11-09 16:01 - 2013-04-08 20:27 - 00010780 _____ C:\Users\**\Downloads\hijackthis.log
2013-10-20 16:27 - 2011-05-07 20:31 - 00000000 ____D C:\Users\**\AppData\Local\Mozilla
2013-10-20 15:59 - 2009-07-14 05:45 - 00300480 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-20 15:55 - 2013-04-01 00:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-20 15:50 - 2013-04-01 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-20 15:32 - 2013-09-26 18:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-19 20:11 - 2013-09-28 12:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 19:49 - 2011-08-14 22:02 - 00004124 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-19 19:49 - 2011-08-14 22:02 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-19 00:38 - 2012-08-05 04:40 - 00394626 _____ C:\temp.raw
Files to move or delete:
====================
C:\Users\**\lame.exe
C:\Users\**\lame_enc.dll
Some content of TEMP:
====================
C:\Users\**\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-11 05:32
==================== End Of Log ============================
--- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by ** at 2013-11-16 18:34:49
Running from C:\Users\**\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Reader XI (11.0.02) - Deutsch (x32 Version: 11.0.02)
Akamai NetSession Interface Service (x32)
Amazon MP3-Downloader 1.0.9 (x32)
ANSTOSS 2007 (Version 7.1.0.5) (x32 Version: 7.1.0.5)
ANSTOSS 3 (x32)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.16.1.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Audacity 1.2.6 (x32)
Avira Antivirus Premium (x32 Version: 13.0.0.4052)
BearPaw 1200CU Plus v1.0 (x32)
Birth of the Federation (x32)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
calibre 64bit (Version: 0.9.25)
Call of Duty - United Offensive (x32 Version: 1.00.0000)
Call of Duty (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180)
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180)
CCC Help Czech (x32 Version: 2010.0805.0357.5180)
CCC Help Danish (x32 Version: 2010.0805.0357.5180)
CCC Help Dutch (x32 Version: 2010.0805.0357.5180)
CCC Help English (x32 Version: 2010.0805.0357.5180)
CCC Help Finnish (x32 Version: 2010.0805.0357.5180)
CCC Help French (x32 Version: 2010.0805.0357.5180)
CCC Help German (x32 Version: 2010.0805.0357.5180)
CCC Help Greek (x32 Version: 2010.0805.0357.5180)
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180)
CCC Help Italian (x32 Version: 2010.0805.0357.5180)
CCC Help Japanese (x32 Version: 2010.0805.0357.5180)
CCC Help Korean (x32 Version: 2010.0805.0357.5180)
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180)
CCC Help Polish (x32 Version: 2010.0805.0357.5180)
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180)
CCC Help Russian (x32 Version: 2010.0805.0357.5180)
CCC Help Spanish (x32 Version: 2010.0805.0357.5180)
CCC Help Swedish (x32 Version: 2010.0805.0357.5180)
CCC Help Thai (x32 Version: 2010.0805.0357.5180)
CCC Help Turkish (x32 Version: 2010.0805.0357.5180)
ccc-core-static (x32 Version: 2010.0805.358.5180)
ccc-utility64 (Version: 2010.0805.358.5180)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.5080)
Corel Home Office - CS Templates (x32 Version: 5.6.5)
Corel Home Office - CT Templates (x32 Version: 5.6.5)
Corel Home Office - IPM (x32 Version: 5.6.5)
Corel Home Office - JP Templates (x32 Version: 5.6.5)
Corel Home Office - KR Templates (x32 Version: 5.6.5)
Corel Home Office - Launcher (x32 Version: 5.6.5)
Corel Home Office - Templates RU (x32 Version: 5.6.5)
Corel Home Office - Templates1 (x32 Version: 5.6.5)
Corel Home Office (x32 Version: 5.0.87.621)
Corel Home Office (x32 Version: 5.6.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DHTML Editing Component (x32 Version: 6.02.0001)
Earth 2160 (x32)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
Energy Star Digital Logo (x32 Version: 1.0.1)
Europa Universalis III (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
FTL: Faster Than Light (x32)
Galactic Civilizations I: Ultimate Edition (x32)
Garmin Training Center (x32 Version: 3.4.5)
Garmin USB Drivers (x32 Version: 2.3.0.0)
GOG.com Planescape Torment
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Gothic 2 Gold (x32 Version: 1.0.0)
Hearts of Iron III (x32)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.5.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Product Detection (x32 Version: 10.7.9.0)
HP Setup (x32 Version: 8.5.4371.3505)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.1.13.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.25.0)
HP Wireless Assistant (Version: 4.0.6.0)
ICQ 7.7 Build #6547 Banner Remover 1.0 (x32)
ICQ7.7 (x32 Version: 7.7)
IDT Audio (x32 Version: 1.0.6300.0)
Jagged Alliance 2 - Wildfire (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Security Scan (x32 Version: 12.0.1.340)
KKND2 Krossfire (x32 Version: 2.0.0.7)
Leviathan: Warships (x32)
LightScribe System Software (x32 Version: 1.18.22.2)
LSI HDA Modem (Version: 2.2.98)
Making History: The Calm & The Storm (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (Version: 1.6.6.6957)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.45.0)
Nokia Ovi Suite (x32 Version: 3.1.1.90)
Nokia Ovi Suite Software Updater (x32 Version: 02.07.004.45780)
Norton Online Backup (x32 Version: 2.0.0.34)
NVIDIA PhysX (x32 Version: 9.10.0222)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.00 (x32 Version: 12.00.1467)
Ovi Desktop Sync Engine (x32 Version: 1.5.266.0)
OviMPlatform (x32 Version: 2.7.72.0)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (x32 Version: 11.4.21.0)
PDF Complete Special Edition (x32 Version: 4.0.64)
Planescape Torment (x32 Version: 2.0.0.8)
PlayReady PC Runtime amd64 (Version: 1.3.0)
R.U.S.E (x32)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0)
Robin Hood (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio Creator Audio (x32 Version: 3.8.0)
Roxio Creator Business (x32 Version: 10.3.56.21)
Roxio Creator Business v10 (x32 Version: 3.8.0)
Roxio Creator Copy (x32 Version: 3.8.0)
Roxio Creator Data (x32 Version: 3.8.0)
Roxio Creator Tools (x32 Version: 3.8.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Safari (x32 Version: 5.34.57.2)
Sid Meier's Civilization V (x32)
SportTracks 2.1 (x32 Version: 2.1.3478)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Star Wars: Knights of the Old Republic (x32)
Steam (x32 Version: 1.0.0.0)
SymSilent (x32)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Turbo Lister 2 (x32 Version: 2.00.0000)
Ubuntu (x32 Version: 12.10-rev273)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Uplink (x32)
USB2.0 UVC 1.3M WebCam (x32 Version: 6.1.7600.0049)
VLC media player 2.0.6 (Version: 2.0.6)
Windows 7 Default Setting (x32 Version: 1.0.1.7)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinZip 14.5 (x32 Version: 14.5.9095)
==================== Restore Points =========================
15-11-2013 23:00:01 Geplanter Prüfpunkt
15-11-2013 23:06:38 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1331D776-F82A-497C-A715-5A445B667E3A} - System32\Tasks\{446A4079-CD1A-4C2B-8804-6991F040C60B} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {1A95656B-2DD3-4953-8E7C-6B850D43DA48} - System32\Tasks\AdobeAAMUpdater-1.0-Notebook-** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {2491F0CA-34A8-4A5B-9790-B83F8C0F9D12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {2A662C67-5C2C-4D24-91F2-41CB17D86870} - System32\Tasks\{B4CF0EF0-E790-4843-84E2-8FEF16F9E8FC} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {2FF2C6DF-F3AE-4632-90B8-05A1D617898B} - System32\Tasks\{299A06CD-D1FD-47DE-91C5-8DDBD6A8A2C0} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {34DD88D0-EA2D-49A8-A6FE-E28AE34B4B4F} - System32\Tasks\{432ADFD2-7C44-426B-ACB6-618817A5EC43} => C:\Program Files (x86)\ASCARON Entertainment\Anstoss 3\anstoss3.exe [2003-07-02] (ASCARON Software GmbH)
Task: {36FFC33D-D230-4581-B8B0-670368D03DD2} - System32\Tasks\{B4F40616-EBCA-492F-AB15-AD1BF0E473E7} => G:\Autorun.exe
Task: {3F790A0D-E446-4585-951A-E46F2DDE8CBD} - System32\Tasks\{D982940F-A6AE-410F-8751-377642DE442B} => G:\Run.EXE
Task: {40AB9C2A-FBDF-4E59-8C63-C31697F7E0BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DBFA6E7-6C0A-4433-BEFB-AC6A40805E9F} - System32\Tasks\{F149C798-3633-4502-9C1A-49ADE59F16F7} => C:\Program Files (x86)\ASCARON Entertainment\Anstoss 3\anstoss3.exe [2003-07-02] (ASCARON Software GmbH)
Task: {5A094BF3-DA5A-4461-B37A-5D6DD291EF36} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {793173F8-A379-4DA4-9595-23C0052052C6} - System32\Tasks\{584911E0-3058-4970-85CB-417B7D3D4D67} => G:\Autorun.exe
Task: {7F05D3C6-8FDB-44BC-9A7A-D835B124F008} - System32\Tasks\{9E535AC0-2FE0-40AA-88CA-A1A8E2A3932D} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {8085563E-707F-486B-841D-7BD7273A840B} - System32\Tasks\{A8D7645B-2A28-416A-8DEF-921695206A06} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {86AB55B5-4A42-46AB-9C9B-2B1727BF8AB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {884260F4-AE00-457E-B02A-FF6B3FD10A80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {90266ED1-80BF-4939-B6CA-99FA8D41B03E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {91317E14-35F7-4AAF-9960-2904BED5BE2A} - System32\Tasks\{9DDA7528-4526-416A-9317-032E0B446969} => G:\Autorun.exe
Task: {9819D256-E3EF-496B-9BEC-FC7CF9E1A005} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16] (Adobe Systems Incorporated)
Task: {983F3CA3-E63E-45D8-923A-A6547F421F05} - System32\Tasks\{62433C29-8D20-49C1-9830-ACB97E63F946} => C:\Users\**\Downloads\Web.EXE [2013-01-20] ()
Task: {9CADA944-05B9-451E-89CD-BE22609B3A6F} - System32\Tasks\{9B6198CF-46CF-45A9-AB27-9F2F8BAA4A62} => G:\Autorun.exe
Task: {A5B62E9D-1961-407C-8C12-FA8E3775C497} - System32\Tasks\{BDA512CD-3728-44E8-865B-C97995F96098} => G:\Autorun.exe
Task: {AC643865-7BED-4948-B9B1-97E978C31324} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {B1C9E923-66F4-4033-9146-7A9D5F2EBF61} - System32\Tasks\{A87CE0E8-714E-466E-B4E7-C55C3FB27DE2} => G:\Autorun.exe
Task: {C1307FBF-DBF5-4F0F-A5AD-E464F2BD93E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D15EC214-5828-4FD7-BFF3-B76727221EB7} - System32\Tasks\{CB832584-F699-4A60-A1C0-376330FCCA89} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {D5632BA9-3FF5-4CB2-B81F-A8FCD94E986F} - System32\Tasks\{9661DF42-723F-499E-8186-A67E13E865F1} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {D814E471-E3C4-486B-9FFB-CD4997F48C40} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {D909A142-B583-445F-948C-3E034926785B} - System32\Tasks\{40DA9DB5-DB69-4E0E-AB48-7FC989FE0590} => G:\Run.EXE
Task: {DDF7196C-2EAA-492A-B640-FDBB4897091A} - System32\Tasks\{4CD4C0B0-E449-42D7-8847-5774944477A2} => C:\Users\**\Downloads\webxp(1).EXE [2013-04-08] ()
Task: {E755E7B3-C7AD-4582-A399-D442BBD0E932} - System32\Tasks\{2D54BE24-AA8C-4158-9D0A-871EF4DEB6FE} => C:\Users\**\Downloads\Web.EXE [2013-01-20] ()
Task: {EB6E65A6-D1FD-4882-A9BA-E08E9198F83E} - System32\Tasks\{BE5444FF-31A1-4CF8-9C1D-BB74BBB7F571} => G:\Run.EXE
Task: {F0840821-EF33-4E02-BF0D-C366D1E6B956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14] (Google Inc.)
Task: {F5165A04-A9DD-4DEA-B93C-3C08F919C1D4} - System32\Tasks\{67695EDE-9506-4C3F-9DBF-C9E574D121BA} => G:\Autorun.exe
Task: {FD061F33-92F9-40D6-98A6-A96DC249192F} - System32\Tasks\{B644EF79-BE31-4397-A884-07B08E06D6C3} => G:\Run.EXE
Task: {FD881D04-07F6-4BAE-BBB8-9DD07D49CFE6} - System32\Tasks\{2DB988D8-23A1-43C7-8DF8-C6BA3D88A02B} => C:\Users\**\Downloads\web(1).exe [2013-01-20] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-07-30 04:39 - 2010-07-30 04:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-04-13 01:59 - 2010-04-13 01:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-05 12:57 - 2010-08-05 12:57 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-05 20:11 - 2010-04-05 20:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-04-05 20:12 - 2010-04-05 20:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2012-12-01 15:49 - 2012-12-01 15:41 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/16/2013 06:25:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/16/2013 03:02:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/16/2013 03:02:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 05:09:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 05:09:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 00:33:23 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (11/15/2013 00:32:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (11/16/2013 02:57:26 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ELMOS_PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B6191BF7-035A-4DDF-8874-F82B8BC6681C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/16/2013 02:49:22 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/16/2013 02:48:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/16/2013 02:47:14 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error: (11/16/2013 02:46:14 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/16/2013 02:45:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/16/2013 00:06:51 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (11/15/2013 03:17:56 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (11/15/2013 03:17:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/14/2013 10:30:41 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Microsoft Office Sessions:
=========================
Error: (11/16/2013 06:25:59 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (11/16/2013 03:02:09 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_enu.exe
Error: (11/16/2013 03:02:06 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_enu.exe
Error: (11/15/2013 05:09:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_deu.exe
Error: (11/15/2013 05:09:37 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\**\Downloads\esetsmartinstaller_deu(1).exe
Error: (11/15/2013 00:33:23 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (11/15/2013 00:32:55 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
CodeIntegrity Errors:
===================================
Date: 2013-11-16 14:48:25.232
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-16 14:48:24.655
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-16 14:45:16.045
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-16 14:45:15.468
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-15 03:17:12.355
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-15 03:17:11.794
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 22:29:15.638
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 22:29:15.045
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 17:51:10.308
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-14 17:51:09.747
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 3836.56 MB
Available physical RAM: 2108.22 MB
Total Pagefile: 7671.3 MB
Available Pagefile: 5535.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:152.35 GB) (Free:54.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Volume) (Fixed) (Total:128.44 GB) (Free:28.18 GB) NTFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CFA7A8FA)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=300 MB) - (Type=42)
Partition 3: (Not Active) - (Size=152 GB) - (Type=42)
Partition 4: (Not Active) - (Size=145 GB) - (Type=42)
==================== End Of Log ============================
aethelstan |
|
17.11.2013, 07:28
| #12 |
| /// the machine /// TB-Ausbilder | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Ordner leeren, nicht löschen Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.11.2013, 23:18
| #13 |
| | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Hi schrauber, super, vielen Dank für Deine Hilfe!!! Ich sehe das dann richtig, dass ich Passwörter nicht ändern muss, und nun auch wieder Onlinebanking etc. auf dem Laptop machen kann? Magst Du mir noch grob sagen, was ich mir da tatsächlich eingefangen hatte / wie schwerwiegend das war, damit ich das besser einordnen kann, auch für die Zukunft? Danach kannst Du den Thread dann gern dicht machen. Ansonsten noch mal vielen Dank, und ich hoffe, ihr habt jetzt erst mal Ruhe vor mir. :-) Gruß, aethelstan |
|
18.11.2013, 13:01
| #14 |
| /// the machine /// TB-Ausbilder | Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" Das war nur nervige Adware
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Verdacht auf TR/Kazy und PUP "Downloadsponsor.A" |
| administrator, adware?, anti-malware, aufsetzen, avira, chip.de, datei, ebanking, explorer, icq, link, malware, malwarebytes, namen, notebook, pup.optional.downloadsponsor.a, remover, scan, tr/kazy.251205, trojaner, virus, warnung, wichtig, win32/downloadsponsor.a, ändern |
WARNUNG an die MITLESER: 
Linear-Darstellung
