Forum section: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal)
Thread: ADWARE/InstallCore.Gen back again (Windows 7)
04.01.2014, 20:53 | #1
ADWARE/InstallCore.Gen back again

Hello, you good souls,

I wanted to download an MP3 converter today, and suddenly there were several additional programs on my PC.

Step 1
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:21 on 04/01/2014 (Basti)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Basti (administrator) on HP on 04-01-2014 19:24:11
Running from C:\Users\Basti\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKLM-x32\...\Runonce: [freem4atomp3converterzxvb] - [x]
HKLM-x32\...\Runonce: [Del9915532] - cmd.exe /Q /D /c del "C:\Users\Basti\AppData\Local\Temp\0.del" [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Basti\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKCU\...\Runonce: [Del9915532] - cmd.exe /Q /D /c del "C:\Users\Basti\AppData\Local\Temp\0.del"
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
AppInit_DLLs: C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2603312 2014-01-04] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [2869720 2013-10-29] ()
Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Re-markit - {4d5c5a63-c98f-4693-a3dc-5cf708212045} - C:\Program Files (x86)\Re-markit\150.dll No File
BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default
FF user.js: detected! => C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\user.js
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Basti\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Foxtab Speed Dial - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} FF Extension: CookieCuller - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR Extension: (Docs) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - 
C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (Google Search) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Website Logon) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0 CHR Extension: (Google Wallet) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [jpfgjjhcgfbfkkoelpepohanhmbhdanh] - C:\Program Files (x86)\HP SimplePass\tschrome.crx ==================== Services (Whitelisted) ================= R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2014-01-04] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated) S3 clwvd; system32\DRIVERS\clwvd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-04 19:24 - 2014-01-04 19:25 - 00016238 _____ C:\Users\Basti\Downloads\FRST.txt 2014-01-04 19:23 - 2014-01-04 19:23 - 01931368 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe 2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\Documents\Optimizer Pro 2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Optimizer Pro 2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\FRST 2014-01-04 19:21 - 2014-01-04 19:22 - 00000000 ____D C:\Users\Basti\Desktop\trojaner 2014-01-04 19:20 - 2014-01-04 19:20 - 00000000 _____ C:\Users\Basti\defogger_reenable 2014-01-04 19:19 - 2014-01-04 19:19 - 00050477 _____ C:\Users\Basti\Downloads\Defogger.exe 2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\FoxTab 2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\OpenIt 2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\Foxtab 2014-01-04 19:12 - 2014-01-04 19:12 - 00673048 _____ ( ) C:\Users\Basti\Downloads\ZipExtractorSetup.exe 2014-01-04 17:21 - 2014-01-04 17:21 - 00000113 _____ 
C:\Users\Basti\AppData\Roaming\WB.CFG 2014-01-04 17:21 - 2014-01-04 17:21 - 00000005 _____ C:\Users\Basti\AppData\Roaming\WBPU-TTL.DAT 2014-01-04 17:02 - 2014-01-04 17:02 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-04 17:01 - 2014-01-04 19:21 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-04 17:01 - 2014-01-04 17:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-04 17:01 - 2014-01-04 17:16 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-01-04 17:01 - 2014-01-04 17:16 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-01-04 17:01 - 2014-01-04 17:02 - 00000000 ____D C:\Program Files (x86)\Google 2014-01-04 17:01 - 2014-01-04 17:01 - 00001160 _____ C:\Users\Public\Desktop\Express Rip.lnk 2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\ProgramData\NCH Software 2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\NCH Software 2014-01-04 16:59 - 2014-01-04 16:59 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94(1).exe 2014-01-04 16:51 - 2014-01-04 16:51 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94.exe 2014-01-04 16:38 - 2014-01-04 16:38 - 00001155 _____ C:\Users\Basti\Desktop\Free M4a to MP3 Converter.lnk 2014-01-04 16:38 - 2014-01-04 16:38 - 00001150 _____ C:\Users\Basti\Desktop\My Music Tools.lnk 2014-01-04 16:38 - 2014-01-04 16:38 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter 2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\Users\Basti\Downloads\m4a-to80-mp3-converter.exe 2014-01-04 16:22 - 2014-01-04 19:22 - 00000000 ____D C:\Users\Basti\AppData\Local\Mobogenie 2014-01-04 16:22 - 2014-01-04 16:22 - 00000000 ____D C:\Users\Basti\Documents\Mobogenie 2014-01-04 16:21 - 2014-01-04 19:17 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2014-01-04 16:21 - 
2014-01-04 19:16 - 00003216 _____ C:\Windows\System32\Tasks\FoxTab 2014-01-04 16:21 - 2014-01-04 19:16 - 00000288 _____ C:\Windows\Tasks\FoxTab.job 2014-01-04 16:20 - 2014-01-04 16:23 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer 2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\VideoConverter 2014-01-04 16:17 - 2014-01-04 16:17 - 00673240 _____ ( ) C:\Users\Basti\Downloads\VideoConverterSetup.exe 2014-01-04 15:37 - 2014-01-04 16:06 - 00000000 ____D C:\Users\Basti\Desktop\stik 2014-01-03 10:04 - 2014-01-03 10:04 - 00000000 ____D C:\Users\Basti\AppData\Roaming\OpenOffice 2013-12-28 17:48 - 1997-05-29 16:31 - 00315904 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe 2013-12-27 20:52 - 2013-12-27 20:52 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-12-27 20:47 - 2013-12-27 20:47 - 00000885 _____ C:\Users\Basti\Desktop\Jagged Alliance 2.lnk 2013-12-27 20:47 - 2013-12-27 20:47 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagged Alliance 2 2013-12-27 20:44 - 2013-12-27 20:51 - 00000000 ____D C:\Program Files (x86)\Ja2 2013-12-26 10:04 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\Windows\system32\CNMLMAT.DLL 2013-12-26 09:47 - 2013-12-26 09:47 - 00000000 ____D C:\Users\Basti\AppData\Local\Tracker Software 2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:29 - 2013-12-25 11:29 - 30694824 _____ (Oracle Corporation) C:\Users\Basti\Downloads\jre-7u45-windows-x64.exe 2013-12-25 11:21 - 2013-12-25 11:21 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Users\Basti\AppData\Local\Secunia PSI 2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-12-25 11:08 - 2013-12-25 11:09 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup_3.0.0.9016.exe 2013-12-25 11:04 - 2014-01-04 19:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-25 11:04 - 2013-12-25 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-25 11:04 - 2013-12-25 11:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-25 11:04 - 2013-12-25 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-25 10:59 - 2013-12-25 10:59 - 00001200 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk 2013-12-25 10:58 - 2013-12-25 10:59 - 00000000 ____D C:\Program Files\Tracker Software (Adobereader alternative) 2013-12-25 10:56 - 
2013-12-25 10:56 - 16530904 _____ (Tracker Software Products Ltd ) C:\Users\Basti\Downloads\PDFXVwer_252131.exe 2013-12-25 10:49 - 2013-12-25 10:49 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup.exe 2013-12-25 10:38 - 2013-12-25 10:38 - 477265185 _____ C:\Windows\MEMORY.DMP 2013-12-25 10:38 - 2013-12-25 10:38 - 00279968 _____ C:\Windows\Minidump\122513-56550-01.dmp 2013-12-25 10:38 - 2013-12-25 10:38 - 00000000 ____D C:\Windows\Minidump 2013-12-25 10:24 - 2013-12-25 10:25 - 00001693 _____ C:\DelFix.txt 2013-12-24 16:58 - 2013-12-24 16:58 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-12-24 16:56 - 2013-12-24 16:56 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Malwarebytes 2013-12-23 18:25 - 2013-12-25 10:24 - 00000000 ____D C:\Windows\ERUNT 2013-12-23 16:08 - 2013-12-24 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-23 16:08 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 14:06 - 2013-12-23 14:06 - 00377856 _____ C:\Users\Basti\Downloads\gmer_2.1.19163.exe 2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\AuthLog 2013-12-23 13:17 - 2014-01-04 19:17 - 00000000 ____D C:\Users\Basti\AppData\Local\genienext 2013-12-23 13:17 - 2014-01-04 16:32 - 00000000 ____D C:\Users\Basti\AppData\Roaming\newnext.me 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\cache 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\.android 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt 2013-12-23 13:15 - 2014-01-04 19:16 - 00003220 _____ C:\Windows\System32\Tasks\Digital Sites 2013-12-23 13:15 - 2014-01-04 19:15 - 00000292 _____ C:\Windows\Tasks\Digital Sites.job 2013-12-23 13:15 - 2013-12-23 13:15 - 00000000 ____D C:\Users\Basti\AppData\Roaming\DigitalSites 2013-12-21 21:37 - 2013-12-21 21:37 - 00000000 _____ C:\autoexec.bat 2013-12-21 21:34 - 2013-12-21 21:35 - 00000000 
____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 19:59 - 2013-12-16 18:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-13 08:18 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 08:18 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 08:18 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 08:18 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 08:16 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 08:16 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 08:16 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 08:16 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 08:16 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 08:16 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 08:16 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 08:16 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 08:16 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 08:16 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 08:16 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 08:16 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 08:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9diag.dll 2013-12-13 08:16 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 08:16 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 08:16 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 08:16 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 08:16 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 08:16 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 08:16 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 08:16 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 08:16 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-13 08:16 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 08:16 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 08:16 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 08:16 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 08:16 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 08:16 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-13 08:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-13 08:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 08:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2013-12-12 18:34 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 18:34 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 18:34 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 18:34 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 18:34 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 18:34 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 18:34 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 18:34 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 18:34 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 18:34 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 18:34 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 18:34 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 18:34 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 18:34 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 18:34 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 18:34 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 18:34 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 18:34 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 
2013-12-12 18:34 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 22:29 - 2013-12-10 22:36 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2013-12-06 15:47 - 2013-12-06 15:47 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys

==================== One Month Modified Files and Folders =======

2014-01-04 19:25 - 2014-01-04 19:24 - 00016238 _____ C:\Users\Basti\Downloads\FRST.txt
2014-01-04 19:23 - 2014-01-04 19:23 - 01931368 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\Documents\Optimizer Pro
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Optimizer Pro
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\FRST
2014-01-04 19:22 - 2014-01-04 19:21 - 00000000 ____D C:\Users\Basti\Desktop\trojaner
2014-01-04 19:22 - 2014-01-04 16:22 - 00000000 ____D C:\Users\Basti\AppData\Local\Mobogenie
2014-01-04 19:21 - 2014-01-04 17:01 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 19:20 - 2014-01-04 19:20 - 00000000 _____ C:\Users\Basti\defogger_reenable
2014-01-04 19:20 - 2012-11-01 10:54 - 00000000 ____D C:\Users\Basti
2014-01-04 19:19 - 2014-01-04 19:19 - 00050477 _____ C:\Users\Basti\Downloads\Defogger.exe
2014-01-04 19:17 - 2014-01-04 16:21 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-04 19:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\genienext
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\FoxTab
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-04 19:16 - 2014-01-04 16:21 - 00003216 _____ C:\Windows\System32\Tasks\FoxTab
2014-01-04 19:16 - 2014-01-04 16:21 - 00000288 _____ C:\Windows\Tasks\FoxTab.job
2014-01-04 19:16 - 2013-12-23 13:15 - 00003220 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\OpenIt
2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\Foxtab
2014-01-04 19:15 - 2013-12-23 13:15 - 00000292 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-04 19:14 - 2013-12-25 11:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 19:12 - 2014-01-04 19:12 - 00673048 _____ ( ) C:\Users\Basti\Downloads\ZipExtractorSetup.exe
2014-01-04 17:21 - 2014-01-04 17:21 - 00000113 _____ C:\Users\Basti\AppData\Roaming\WB.CFG
2014-01-04 17:21 - 2014-01-04 17:21 - 00000005 _____ C:\Users\Basti\AppData\Roaming\WBPU-TTL.DAT
2014-01-04 17:21 - 2014-01-04 17:01 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 17:16 - 2014-01-04 17:01 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-04 17:16 - 2014-01-04 17:01 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-04 17:02 - 2014-01-04 17:02 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-04 17:02 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-04 17:01 - 2014-01-04 17:01 - 00001160 _____ C:\Users\Public\Desktop\Express Rip.lnk
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\ProgramData\NCH Software
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\NCH Software
2014-01-04 17:01 - 2013-10-31 20:15 - 00000000 ____D C:\Users\Basti\AppData\Local\Google
2014-01-04 16:59 - 2014-01-04 16:59 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94(1).exe
2014-01-04 16:51 - 2014-01-04 16:51 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94.exe
2014-01-04 16:47 - 2013-10-31 20:17 - 00000000 ____D C:\Users\Basti\AppData\Roaming\vlc
2014-01-04 16:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 16:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 16:38 - 2014-01-04 16:38 - 00001155 _____ C:\Users\Basti\Desktop\Free M4a to MP3 Converter.lnk
2014-01-04 16:38 - 2014-01-04 16:38 - 00001150 _____ C:\Users\Basti\Desktop\My Music Tools.lnk
2014-01-04 16:38 - 2014-01-04 16:38 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\Users\Basti\Downloads\m4a-to80-mp3-converter.exe
2014-01-04 16:33 - 2013-06-22 19:39 - 00000000 ___RD C:\Users\Basti\Dropbox
2014-01-04 16:33 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Dropbox
2014-01-04 16:33 - 2012-11-01 09:00 - 01514764 _____ C:\Windows\WindowsUpdate.log
2014-01-04 16:32 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Roaming\newnext.me
2014-01-04 16:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 16:31 - 2009-07-14 05:51 - 00100304 _____ C:\Windows\setupact.log
2014-01-04 16:30 - 2010-11-21 04:47 - 00662508 _____ C:\Windows\PFRO.log
2014-01-04 16:23 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2014-01-04 16:22 - 2014-01-04 16:22 - 00000000 ____D C:\Users\Basti\Documents\Mobogenie
2014-01-04 16:22 - 2013-05-01 11:06 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{965606AF-5B0A-4D2E-A70A-F1CFFCD8E5C2}
2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2014-01-04 16:17 - 2014-01-04 16:17 - 00673240 _____ ( ) C:\Users\Basti\Downloads\VideoConverterSetup.exe
2014-01-04 16:06 - 2014-01-04 15:37 - 00000000 ____D C:\Users\Basti\Desktop\stik
2014-01-04 15:40 - 2012-03-15 06:32 - 00700134 _____ C:\Windows\system32\perfh007.dat
2014-01-04 15:40 - 2012-03-15 06:32 - 00149984 _____ C:\Windows\system32\perfc007.dat
2014-01-04 15:40 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 10:44 - 2012-11-01 11:08 - 00000000 ____D C:\Users\Basti\AppData\Roaming\SoftGrid Client
2014-01-03 10:04 - 2014-01-03 10:04 - 00000000 ____D C:\Users\Basti\AppData\Roaming\OpenOffice
2014-01-03 09:24 - 2012-11-03 12:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-28 18:10 - 2013-01-25 18:49 - 00000000 ____D C:\Users\Basti\AppData\Local\CrashDumps
2013-12-27 20:52 - 2013-12-27 20:52 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-27 20:51 - 2013-12-27 20:44 - 00000000 ____D C:\Program Files (x86)\Ja2
2013-12-27 20:47 - 2013-12-27 20:47 - 00000885 _____ C:\Users\Basti\Desktop\Jagged Alliance 2.lnk
2013-12-27 20:47 - 2013-12-27 20:47 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagged Alliance 2
2013-12-26 09:59 - 2012-11-01 11:08 - 01596516 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-26 09:47 - 2013-12-26 09:47 - 00000000 ____D C:\Users\Basti\AppData\Local\Tracker Software
2013-12-25 22:19 - 2013-10-31 20:16 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-25 14:12 - 2012-11-01 11:18 - 00064024 _____ C:\Users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-25 14:11 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:29 - 2013-12-25 11:29 - 30694824 _____ (Oracle Corporation) C:\Users\Basti\Downloads\jre-7u45-windows-x64.exe
2013-12-25 11:21 - 2013-12-25 11:21 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-25 11:18 - 2012-11-01 10:58 - 00000000 ___RD C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Users\Basti\AppData\Local\Secunia PSI
2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-12-25 11:09 - 2013-12-25 11:08 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup_3.0.0.9016.exe
2013-12-25 11:04 - 2013-12-25 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-25 11:04 - 2013-12-25 11:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 11:04 - 2013-12-25 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-25 11:04 - 2012-12-27 10:49 - 00000000 ____D C:\Users\Basti\AppData\Local\Adobe
2013-12-25 10:59 - 2013-12-25 10:59 - 00001200 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2013-12-25 10:59 - 2013-12-25 10:58 - 00000000 ____D C:\Program Files\Tracker Software (Adobereader alternative)
2013-12-25 10:56 - 2013-12-25 10:56 - 16530904 _____ (Tracker Software Products Ltd ) C:\Users\Basti\Downloads\PDFXVwer_252131.exe
2013-12-25 10:54 - 2012-03-14 22:29 - 00000000 ____D C:\ProgramData\Adobe
2013-12-25 10:49 - 2013-12-25 10:49 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup.exe
2013-12-25 10:38 - 2013-12-25 10:38 - 477265185 _____ C:\Windows\MEMORY.DMP
2013-12-25 10:38 - 2013-12-25 10:38 - 00279968 _____ C:\Windows\Minidump\122513-56550-01.dmp
2013-12-25 10:38 - 2013-12-25 10:38 - 00000000 ____D C:\Windows\Minidump
2013-12-25 10:25 - 2013-12-25 10:24 - 00001693 _____ C:\DelFix.txt
2013-12-25 10:24 - 2013-12-23 18:25 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 17:37 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 16:58 - 2013-12-24 16:58 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-24 16:56 - 2013-12-24 16:56 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Malwarebytes
2013-12-23 18:15 - 2012-11-01 10:58 - 00000995 _____ C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 16:08 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 14:06 - 2013-12-23 14:06 - 00377856 _____ C:\Users\Basti\Downloads\gmer_2.1.19163.exe
2013-12-23 13:42 - 2012-03-14 22:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-23 13:36 - 2013-01-05 17:06 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Skype
2013-12-23 13:33 - 2013-05-09 20:05 - 00000000 ____D C:\Program Files (x86)\ACR
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\AuthLog
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\cache
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\.android
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt
2013-12-23 13:15 - 2013-12-23 13:15 - 00000000 ____D C:\Users\Basti\AppData\Roaming\DigitalSites
2013-12-22 09:15 - 2012-11-03 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 21:37 - 2013-12-21 21:37 - 00000000 _____ C:\autoexec.bat
2013-12-21 21:35 - 2013-12-21 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 17:47 - 2013-06-22 19:39 - 00000979 _____ C:\Users\Basti\Desktop\Dropbox.lnk
2013-12-19 17:47 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-18 20:52 - 2013-05-07 18:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 20:52 - 2013-03-31 12:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 20:52 - 2013-03-31 12:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 18:09 - 2013-12-15 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-14 15:52 - 2013-08-16 14:09 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 15:50 - 2012-11-03 13:12 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:37 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-10 22:36 - 2013-12-10 22:29 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2013-12-06 15:47 - 2013-12-06 15:47 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys

Some content of TEMP:
====================
C:\Users\Basti\AppData\Local\Temp\73668uninstall.exe
C:\Users\Basti\AppData\Local\Temp\avgnt.exe
C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Basti\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Basti\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe
C:\Users\Basti\AppData\Local\Temp\Sqlite3.dll
C:\Users\Basti\AppData\Local\Temp\vlc-2.1.2-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-25 10:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Basti at 2014-01-04 19:25:25
Running from C:\Users\Basti\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
AuthenTec TrueAPI 64-bit (Version: 1.5.0.165 - AuthenTec, Inc.) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon Easy-WebPrint EX (x32 Version: - )
Canon IJ Network Scanner Selector EX (x32 Version: - )
Canon IJ Network Tool (x32 Version: - )
Canon MG5300 series Benutzerregistrierung (x32 Version: - )
Canon MG5300 series MP Drivers (Version: - )
Canon MG5300 series On-screen Manual (x32 Version: - )
Canon MP Navigator EX 5.0 (x32 Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Druckerdeinstallation für EPSON S22 Series (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (x32 Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION)
EPSON S22 Series Handbuch (x32 Version: - )
ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904 - Evernote Corp.)
Express Rip (x32 Version: 1.94 - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flatcast Viewer Plugin 5.3.0.784 (x32 Version: - 1 mal 1 Software GmbH)
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
Free M4a to MP3 Converter 8.0 (x32 Version: - ManiacTools.com)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Launch Box (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (Version: 3.0.2 - Hewlett-Packard Company)
HP Setup (x32 Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass PE (x32 Version: 5.4.0.402 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.5.6.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 6.1.12.1 - Hewlett-Packard Company)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
Jagged Alliance 2 (x32 Version: - )
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (x32 Version: - Mobogenie.com)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Open It! (x32 Version: 1.1.1 - OpenIt)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Optimizer Pro v3.2 (x32 Version: - PC Utilities Software Limited) <==== ATTENTION
PDF-Viewer (Version: 2.5.213.1 - Tracker Software Products Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (x32 Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (x32 Version: 7.51.116.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (x32 Version: 3.0.0.9016 - Secunia)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.0.1.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Zip Extractor (HKCU Version: - Update for Zip Extractor) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIS (x32 Version: - )
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

25-12-2013 09:24:50 Ende der Bereinigung
25-12-2013 09:35:49 Windows Update
25-12-2013 09:41:31 Windows Update
25-12-2013 09:53:10 Removed Adobe Reader X (10.1.8) MUI.
25-12-2013 10:17:20 OpenOffice 4.0.0 wird installiert
25-12-2013 10:30:11 Installed Java 7 Update 45 (64-bit)
26-12-2013 08:51:32 Windows-Sicherung
26-12-2013 08:52:08 Windows-Sicherung
26-12-2013 08:57:15 Windows Update
26-12-2013 09:01:28 Windows Update
29-12-2013 19:37:30 Windows-Sicherung
01-01-2014 10:14:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {423B4D29-AF96-43E2-85B3-AECCA704F4F5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {483A0301-236A-4241-A722-8170D299AA28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-25] (Adobe Systems Incorporated)
Task: {568C07D1-73AF-47F4-84E2-1DF5F1CC78A4} - System32\Tasks\NCH Software\ExpressRipSevenDays => C:\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe [2013-07-18] (NCH Software)
Task: {6B4FE882-31AB-4953-BBA5-A69BDDEF6F9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {859802CD-FF5A-4D41-A4EA-FD5DF6474545} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {91B3BE1C-9ADF-4846-8AD4-2EEA12A3E54F} - System32\Tasks\Digital Sites => C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {9A245832-5691-4A54-8546-BE6D9FEA9BB9} - System32\Tasks\FoxTab => C:\Users\Basti\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {9AD91BFF-A482-4C6E-9AB3-97B1CA375D18} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9F66F12C-A99F-43F4-AB39-644988899AC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {B88F59EE-6CBE-4A5F-A08E-B945A3FBE029} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {E93AFF5F-DCA6-4782-9030-2F0E46CAF08D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {EC2D81DB-0B05-4BF0-89FA-052AC9F55EB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {FA9E8664-A051-45C0-9240-75A098C450DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Basti\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Basti\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-14 18:53 - 2012-02-14 18:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-08 13:49 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Basti\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-26 17:41 - 2013-08-26 17:41 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-06-20 15:06 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-06-20 15:11 - 2012-02-08 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-04 19:16 - 2013-10-29 14:08 - 02869720 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-12-21 21:34 - 2013-12-21 21:34 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 07:04:21 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.9016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 13e4
Startzeit: 01cf09773e0aac48
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\Secunia\PSI\psi.exe
Berichts-ID: 9b99ab77-756a-11e3-bc35-a0b3cccc72bf

Error: (01/04/2014 05:01:27 PM) (Source: MsiInstaller) (User: HP)
Description: Fehler beim Starten einer Windows Installer-Transaktion: {86D4B82A-ABED-442A-BE86-96357B70F4FE}. Fehler 1618 beim Starten der Transaktion.
Error: (01/04/2014 04:31:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2014 03:31:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2014 11:35:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2014 05:00:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2014 02:39:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2014 09:14:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 10:25:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 00:37:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/03/2014 09:19:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.165.1076.0)

Error: (01/01/2014 11:19:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.165.887.0)

Error: (12/26/2013 10:11:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024882

Error: (12/25/2013 10:16:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (12/25/2013 10:16:36 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (12/25/2013 10:16:36 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/25/2013 10:15:39 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/25/2013 10:15:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (12/25/2013 10:15:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (12/25/2013 10:38:32 AM) (Source: BugCheck) (User: ) Description: 0x00000050 (0xfffff80000000030, 0x0000000000000000, 0xfffff80002ec3afa, 0x0000000000000000)C:\Windows\MEMORY.DMP122513-56550-01 Microsoft Office Sessions: ========================= Error: (01/04/2014 07:04:21 PM) (Source: Application Hang)(User: ) Description: psi.exe3.0.0.901613e401cf09773e0aac4815C:\Program Files (x86)\Secunia\PSI\psi.exe9b99ab77-756a-11e3-bc35-a0b3cccc72bf Error: (01/04/2014 05:01:27 PM) (Source: MsiInstaller)(User: HP) Description: {86D4B82A-ABED-442A-BE86-96357B70F4FE}1618(NULL)(NULL)(NULL)(NULL) Error: (01/04/2014 04:31:55 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/04/2014 03:31:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/04/2014 11:35:17 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 05:00:25 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 02:39:55 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/03/2014 09:14:40 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/02/2014 10:25:51 
PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/02/2014 00:37:03 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 3996.36 MB Available physical RAM: 2138.47 MB Total Pagefile: 7990.9 MB Available Pagefile: 5898.89 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:277.83 GB) (Free:209.71 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D2E3023C) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=278 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-04 20:20:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Basti\AppData\Local\Temp\pxldipow.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2
.text  C:\Program Files (x86)\HP SimplePass\TouchControl.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\HP SimplePass\TouchControl.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2
.text  C:\Windows\SysWOW64\rundll32.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Windows\SysWOW64\rundll32.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2
.text  C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe[3160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe[3160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ... * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [1736:1740]  000000000134d1f6
Thread  C:\Windows\SysWOW64\ntdll.dll [1736:4080]  000000007242a7e0
Thread  C:\Windows\SysWOW64\ntdll.dll [1736:3292]  0000000073468960
Thread  C:\Windows\SysWOW64\ntdll.dll [1736:3296]  0000000073468960
Thread  C:\Windows\SysWOW64\ntdll.dll [1736:3288]  0000000073468960
Thread  C:\Windows\SysWOW64\ntdll.dll [1736:3284]  0000000073464090

---- EOF - GMER 2.1 ----
Code:
ATTFilter
Type: File
Source: C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe
Status: Infected
Quarantine object: 5be9c282.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Scan engine: 8.02.12.166
Virus definition file: 7.11.123.138
Found: ADWARE/InstallCore.Gen
Date/time: 04.01.2014, 19:17
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Samstag, 4. Januar 2014 19:16 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : HP Versionsinformationen: BUILD.DAT : 14.0.2.286 55547 Bytes 09.12.2013 11:37:00 AVSCAN.EXE : 14.0.2.254 1032760 Bytes 18.12.2013 19:52:10 AVSCANRC.DLL : 14.0.2.180 62008 Bytes 18.12.2013 19:52:10 LUKE.DLL : 14.0.2.234 65592 Bytes 18.12.2013 19:52:30 AVSCPLR.DLL : 14.0.2.254 124472 Bytes 18.12.2013 19:52:10 AVREG.DLL : 14.0.2.212 250424 Bytes 18.12.2013 19:52:09 avlode.dll : 14.0.2.254 540216 Bytes 18.12.2013 19:52:08 avlode.rdf : 13.0.1.62 56973 Bytes 09.12.2013 19:18:23 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 15:22:20 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:53:08 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:10:07 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 15:51:40 VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 14:34:19 VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 18:21:17 VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 13:39:48 VBASE007.VDF : 7.11.116.38 5485568 Bytes 28.11.2013 17:27:13 VBASE008.VDF : 7.11.120.140 1154560 Bytes 19.12.2013 16:45:35 VBASE009.VDF : 7.11.120.141 2048 Bytes 19.12.2013 16:45:36 VBASE010.VDF : 7.11.120.142 2048 Bytes 19.12.2013 16:45:37 VBASE011.VDF : 7.11.120.143 2048 Bytes 19.12.2013 16:45:38 VBASE012.VDF : 7.11.120.144 2048 Bytes 19.12.2013 16:45:38 VBASE013.VDF : 7.11.120.145 2048 Bytes 19.12.2013 16:45:39 VBASE014.VDF : 7.11.121.19 126976 Bytes 21.12.2013 16:52:00 VBASE015.VDF : 7.11.121.147 122880 Bytes 24.12.2013 07:38:28 VBASE016.VDF : 7.11.121.233 115712 Bytes 25.12.2013 21:20:01 VBASE017.VDF : 7.11.122.57 325120 Bytes 27.12.2013 14:50:55 VBASE018.VDF : 7.11.122.123 
199680 Bytes 28.12.2013 16:39:05 VBASE019.VDF : 7.11.122.219 368640 Bytes 01.01.2014 16:34:20 VBASE020.VDF : 7.11.123.39 182272 Bytes 03.01.2014 16:04:46 VBASE021.VDF : 7.11.123.40 2048 Bytes 03.01.2014 16:04:47 VBASE022.VDF : 7.11.123.41 2048 Bytes 03.01.2014 16:04:47 VBASE023.VDF : 7.11.123.42 2048 Bytes 03.01.2014 16:04:47 VBASE024.VDF : 7.11.123.43 2048 Bytes 03.01.2014 16:04:47 VBASE025.VDF : 7.11.123.44 2048 Bytes 03.01.2014 16:04:47 VBASE026.VDF : 7.11.123.45 2048 Bytes 03.01.2014 16:04:47 VBASE027.VDF : 7.11.123.46 2048 Bytes 03.01.2014 16:04:47 VBASE028.VDF : 7.11.123.47 2048 Bytes 03.01.2014 16:04:47 VBASE029.VDF : 7.11.123.48 2048 Bytes 03.01.2014 16:04:47 VBASE030.VDF : 7.11.123.49 2048 Bytes 03.01.2014 16:04:47 VBASE031.VDF : 7.11.123.138 201216 Bytes 04.01.2014 16:39:35 Engineversion : 8.2.12.166 AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 15:27:40 AESCRIPT.DLL : 8.1.4.176 520574 Bytes 19.12.2013 16:45:56 AESCN.DLL : 8.1.10.6 131447 Bytes 11.12.2013 16:54:32 AESBX.DLL : 8.2.16.26 1245560 Bytes 23.08.2013 19:26:02 AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 15:59:43 AEPACK.DLL : 8.3.3.8 762232 Bytes 19.12.2013 16:45:54 AEOFFICE.DLL : 8.1.2.76 205181 Bytes 09.08.2013 16:32:05 AEHEUR.DLL : 8.1.4.830 6386042 Bytes 19.12.2013 16:45:53 AEHELP.DLL : 8.1.27.10 266618 Bytes 22.11.2013 16:15:36 AEGEN.DLL : 8.1.7.20 446839 Bytes 13.11.2013 16:26:12 AEEXP.DLL : 8.4.1.138 418168 Bytes 14.12.2013 12:40:44 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.33.0 225657 Bytes 11.12.2013 16:54:31 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 14.0.2.180 23608 Bytes 18.12.2013 19:51:59 AVPREF.DLL : 14.0.2.180 48696 Bytes 18.12.2013 19:52:09 AVREP.DLL : 14.0.2.180 175672 Bytes 18.12.2013 19:52:09 AVARKT.DLL : 14.0.2.254 256056 Bytes 18.12.2013 19:52:03 AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 18.12.2013 19:52:06 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 14.0.2.180 60472 Bytes 18.12.2013 19:52:11 NETNT.DLL : 
14.0.2.180 13368 Bytes 18.12.2013 19:52:30 RCIMAGE.DLL : 14.0.2.180 4786744 Bytes 18.12.2013 19:52:00 RCTEXT.DLL : 14.0.2.270 73272 Bytes 18.12.2013 19:52:00 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_52c8295c\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: Reparieren Sekundäre Aktion......................: Quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: Vollständig Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR, Beginn des Suchlaufs: Samstag, 4. 
Januar 2014 19:16 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'TrueSuiteService.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '158' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'AERTSr64.exe' - '8' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'ezSharedSvcHost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'HPDrvMntSvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'HPWMISVC.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'PSIA.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'TouchControl.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 
'Explorer.EXE' - '185' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'BioMonitor.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkNGUI64.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'BJMYPRT.EXE' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'psi_tray.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'CNSEMAIN.EXE' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'CNMNSST.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'splwow64.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'CNSEUPDT.EXE' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'hpsa_service.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '64' 
Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'ICReinstall_ZipExtractorSetup.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'setup.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'setup.tmp' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'Mobogenie_Setup_UN.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'OptProCrash.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe' C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5be9c282.qua' verschoben! Ende des Suchlaufs: Samstag, 4. Januar 2014 19:17 Benötigte Zeit: 00:46 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 4041 Dateien wurden geprüft 1 Viren bzw. 
unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 4040 Dateien ohne Befall 41 Archive wurden durchsucht 0 Warnungen 1 Hinweise
I hope I can still be helped. |
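The logs in this post carry three things a helper checks by eye before asking for more tools: the Avira hit sits in an InstallCore-style drop directory (`%TEMP%\is<digits>\<digits>_stp\`), several bundler installers (`ICReinstall_ZipExtractorSetup.exe`, `Mobogenie_Setup_UN.exe`, `OptProCrash.exe`, `setup.tmp`) were still running at scan time, and GMER reports the very same 2-byte patch of `PSAPI.DLL!GetModuleInformation` in every 32-bit process it looked at. A patch that is identical in every WOW64 process points at one system-wide hooking component rather than per-process injection; telling those two situations apart is the point of grouping the hooks. The script below is an added example by the editor, not code from the poster or from Avira, GMER or ComboFix. Its sample strings are constructed from lines quoted in this thread (the Avira report and GMER list above, and the ComboFix Run-key excerpt in the reply further down), with the line breaks the forum flattened restored by hand; the path patterns and the "user-writable path" heuristic are the editor's assumptions, and the script reports patterns, it does not decide benign or malicious.

```python
"""Added triage helpers for the logs quoted in this thread (editor's example, not code
from the post or from Avira, GMER or ComboFix). Three checks a helper does by eye:
  1. each Avira [FUND] with its path and quarantine name, plus whether the path has
     the InstallCore drop shape %TEMP%\\is<digits>\\<digits>_stp\\ (assumed pattern);
  2. GMER user-mode hooks grouped by (module, function, offset, bytes), so one patch
     present in every 32-bit process stands apart from a per-process injection;
  3. Run values whose target sits in a user-writable path or is not an .exe.
Samples are constructed from posted lines, with the forum's lost line breaks restored."""
import re
from collections import defaultdict

SAMPLE_AVIRA = r"""
Beginne mit der Suche in 'C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe'
C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5be9c282.qua' verschoben!
"""
SAMPLE_GMER = r"""
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  ...                                                                                           * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text  C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe[3160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text  C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe[3160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
"""
SAMPLE_AUTOSTART = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\Basti\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-10 1243656]
"""

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a bare file path line in the Avira report
DETECTION_NAME_RE = re.compile(r"\b([A-Z]{2,}/[\w.]+)")     # e.g. ADWARE/InstallCore.Gen
QUARANTINE_RE = re.compile(r"'([^']+\.qua)'")
INSTALLCORE_DROP_RE = re.compile(r"\\Temp\\is\d+\\\d+_stp\\", re.IGNORECASE)  # assumed drop layout
HOOK_RE = re.compile(                                        # one GMER ".text" hook line
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<func>\w+)\s*\+\s*(?P<off>\d+)"
    r"\s+[0-9a-f]+\s+\d+ bytes \[(?P<bytes>[^\]]+)\]", re.IGNORECASE)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Temp)\\", re.IGNORECASE)  # heuristic


def _basename(path):
    """Last component of a Windows path (os.path.basename does not split on '\\' off Windows)."""
    return path.rsplit("\\", 1)[-1]


def avira_detections(report):
    """Return one dict per [FUND] line: file path, detection name and quarantine file name."""
    found, current_path = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if DRIVE_PATH_RE.match(line):
            current_path = line                          # the path precedes its [FUND] line
        elif line.startswith("[FUND]") and current_path:
            m = DETECTION_NAME_RE.search(line)
            found.append({"path": current_path, "name": m.group(1) if m else None, "quarantine": None})
        elif line.startswith("[HINWEIS]") and found:
            m = QUARANTINE_RE.search(line)
            if m:
                found[-1]["quarantine"] = m.group(1)
    return found


def is_installcore_drop(path):
    """True when the path has the TEMP\\is<digits>\\<digits>_stp\\ layout bundlers unpack into."""
    return INSTALLCORE_DROP_RE.search(path) is not None


def group_hooks(gmer_text):
    """Map (module, function, offset, bytes) -> set of process names carrying that exact patch."""
    groups = defaultdict(set)
    for raw in gmer_text.splitlines():
        m = HOOK_RE.match(raw.strip())               # ".text ... * 2" continuation lines do not match
        if m:
            key = (_basename(m["module"]).lower(), m["func"], int(m["off"]), m["bytes"])
            groups[key].add(_basename(m["proc"]))
    return dict(groups)


def suspicious_autostarts(combofix_text):
    """Return (registry key, value name, target, reasons) for Run values worth a second look."""
    flagged, key = [], None
    for raw in combofix_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            key = line.strip("[]")                       # remember which key the values belong to
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        target, reasons = m["target"], []
        if USER_WRITABLE_RE.search(target):
            reasons.append("target in user-writable path")
        if not target.lower().endswith(".exe"):
            reasons.append("target is not an .exe")
        if reasons:
            flagged.append((key, m["name"], target, reasons))
    return flagged


if __name__ == "__main__":
    for d in avira_detections(SAMPLE_AVIRA):
        print(d["name"], d["path"], "InstallCore drop" if is_installcore_drop(d["path"]) else "")
    for key, procs in group_hooks(SAMPLE_GMER).items():
        print(key, "in %d processes: %s" % (len(procs), ", ".join(sorted(procs))))
    for key, name, target, reasons in suspicious_autostarts(SAMPLE_AUTOSTART):
        print(key, name, target, "; ".join(reasons))
```

Run against the three samples it reports the single ADWARE/InstallCore.Gen hit with its quarantine name and drop-directory match, two hook groups (offsets 69 and 155 of GetModuleInformation) each present in every sampled process, and only the `NextLive` value, whose target is a DLL under the user's Roaming profile. Feed it the full logs by replacing the sample strings with the files' contents.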
05.01.2014, 11:14 | #2 | |
/// the machine /// TB-Ausbilder | ADWARE/InstallCore.Gen is back again hi,
Combofix must only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
|
05.01.2014, 13:26 | #3 |
| ADWARE/InstallCore.Gen is back again Hello,
Thanks for taking this on. Code:
ATTFilter ComboFix 14-01-04.03 - Basti 05.01.2014 12:32:57.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3996.2414 [GMT 1:00] ausgeführt von:: c:\users\Basti\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-05 bis 2014-01-05 )))))))))))))))))))))))))))))) . . 2014-01-05 12:18 . 2014-01-05 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-04 18:23 . 2014-01-04 18:23 -------- d-----w- C:\FRST 2014-01-04 18:16 . 2014-01-04 19:01 -------- d-----w- c:\program files (x86)\Optimizer Pro 2014-01-04 16:01 . 2014-01-04 18:54 -------- d-----w- c:\program files (x86)\Google 2014-01-04 16:01 . 2014-01-04 16:01 -------- d-----w- c:\programdata\NCH Software 2014-01-04 16:01 . 2014-01-04 18:53 -------- d-----w- c:\program files (x86)\NCH Software 2014-01-04 15:22 . 2014-01-04 18:55 -------- d-----w- c:\users\Basti\AppData\Local\Mobogenie 2014-01-04 15:21 . 2014-01-04 18:55 -------- d-----w- c:\program files (x86)\Mobogenie 2014-01-04 15:20 . 2014-01-04 15:23 -------- d-----w- c:\program files (x86)\PC Speed Maximizer 2014-01-04 15:20 . 2014-01-04 15:20 -------- d-----w- c:\program files (x86)\VideoConverter 2014-01-03 09:04 . 2014-01-03 09:04 -------- d-----w- c:\users\Basti\AppData\Roaming\OpenOffice 2014-01-03 08:18 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F308EB97-A232-4ECF-A738-48C6EEBF159D}\mpengine.dll 2013-12-27 19:44 . 2013-12-27 19:51 -------- d-----w- c:\program files (x86)\Ja2 2013-12-26 09:04 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAT.DLL 2013-12-26 08:56 . 
2013-12-26 08:56 -------- d-----w- c:\users\Basti\AppData\Local\ElevatedDiagnostics 2013-12-26 08:47 . 2013-12-26 08:47 -------- d-----w- c:\users\Basti\AppData\Local\Tracker Software 2013-12-25 10:30 . 2013-12-25 10:30 -------- d-----w- c:\programdata\Oracle 2013-12-25 10:30 . 2013-12-25 10:30 312744 ----a-w- c:\windows\system32\javaws.exe 2013-12-25 10:30 . 2013-12-25 10:30 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-12-25 10:30 . 2013-12-25 10:30 189352 ----a-w- c:\windows\system32\javaw.exe 2013-12-25 10:30 . 2013-12-25 10:30 189352 ----a-w- c:\windows\system32\java.exe 2013-12-25 10:30 . 2013-12-25 10:30 -------- d-----w- c:\program files\Java 2013-12-25 10:20 . 2013-12-25 10:20 -------- d-----w- c:\program files (x86)\OpenOffice 4 2013-12-25 10:09 . 2013-12-25 10:09 -------- d-----w- c:\users\Basti\AppData\Local\Secunia PSI 2013-12-25 10:09 . 2013-12-25 10:09 -------- d-----w- c:\program files (x86)\Secunia 2013-12-25 10:04 . 2013-12-25 10:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-25 10:04 . 2013-12-25 10:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-25 09:58 . 2013-12-25 09:59 -------- d-----w- c:\program files\Tracker Software (Adobereader alternative) 2013-12-25 09:44 . 2013-12-25 09:44 -------- d-----w- c:\windows\Migration 2013-12-24 15:58 . 2013-12-24 15:58 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-12-24 15:56 . 2013-12-24 15:56 -------- d-----w- c:\users\Basti\AppData\Roaming\Malwarebytes 2013-12-23 17:25 . 2013-12-25 09:24 -------- d-----w- c:\windows\ERUNT 2013-12-23 15:08 . 2013-12-23 15:08 -------- d-----w- c:\programdata\Malwarebytes 2013-12-23 15:08 . 2013-12-24 16:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-12-23 12:31 . 2013-12-23 12:31 -------- d-----w- C:\AuthLog 2013-12-23 12:17 . 2013-12-23 12:17 -------- d-----w- c:\users\Basti\.android 2013-12-23 12:17 . 
2013-12-23 12:17 -------- d-----w- c:\users\Basti\AppData\Local\cache 2013-12-23 12:17 . 2014-01-05 11:28 -------- d-----w- c:\users\Basti\AppData\Roaming\newnext.me 2013-12-23 12:17 . 2014-01-04 18:17 -------- d-----w- c:\users\Basti\AppData\Local\genienext 2013-12-23 12:15 . 2013-12-23 12:15 -------- d-----w- c:\users\Basti\AppData\Roaming\DigitalSites 2013-12-23 12:15 . 2013-12-23 12:15 -------- d-----w- c:\users\Basti\AppData\Local\Programs 2013-12-21 20:35 . 2013-12-21 20:35 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-12-15 18:59 . 2013-12-16 17:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-12-13 07:18 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-13 07:18 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2013-12-13 07:18 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-13 07:18 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2013-12-13 07:18 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2013-12-13 07:15 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-12-13 07:15 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll 2013-12-10 21:29 . 2013-12-10 21:36 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP 2013-12-06 14:47 . 2013-12-06 14:47 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-18 19:52 . 2013-05-07 17:53 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-12-18 19:52 . 2013-03-31 11:13 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-12-18 19:52 . 2013-03-31 11:13 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-12-14 14:50 . 2012-11-03 12:12 90708896 ----a-w- c:\windows\system32\MRT.exe 2013-11-26 17:36 . 
2013-03-31 11:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-11-26 11:25 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-11-20 17:49 . 2013-11-20 17:49 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-20 17:49 . 2013-11-20 17:49 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-20 17:49 . 2013-11-20 17:49 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-11-20 17:49 . 2013-11-20 17:49 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-11-20 17:49 . 2013-11-20 17:49 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-11-20 17:49 . 2013-11-20 17:49 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-11-20 17:49 . 2013-11-20 17:49 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-11-20 17:49 . 2013-11-20 17:49 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-11-20 17:49 . 2013-11-20 17:49 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-11-20 17:49 . 2013-11-20 17:49 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-11-20 17:49 . 2013-11-20 17:49 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-11-20 17:49 . 2013-11-20 17:49 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-11-20 17:49 . 2013-11-20 17:49 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-20 17:49 . 2013-11-20 17:49 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-11-20 17:49 . 2013-11-20 17:49 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-11-20 17:49 . 2013-11-20 17:49 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-20 17:49 . 2013-11-20 17:49 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-11-20 17:49 . 2013-11-20 17:49 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-11-20 17:49 . 2013-11-20 17:49 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-11-20 17:49 . 2013-11-20 17:49 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-11-20 17:49 . 2013-11-20 17:49 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-11-20 17:49 . 
2013-11-20 17:49 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-11-20 17:49 . 2013-11-20 17:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-11-20 17:49 . 2013-11-20 17:49 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-11-20 17:49 . 2013-11-20 17:49 247808 ----a-w- c:\windows\system32\msls31.dll 2013-11-20 17:49 . 2013-11-20 17:49 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-11-20 17:49 . 2013-11-20 17:49 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-11-20 17:49 . 2013-11-20 17:49 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-11-20 17:49 . 2013-11-20 17:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-11-20 17:49 . 2013-11-20 17:49 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-11-20 17:49 . 2013-11-20 17:49 195584 ----a-w- c:\windows\system32\msrating.dll 2013-11-20 17:49 . 2013-11-20 17:49 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-11-20 17:49 . 2013-11-20 17:49 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-11-20 17:49 . 2013-11-20 17:49 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-11-20 17:49 . 2013-11-20 17:49 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-11-20 17:49 . 2013-11-20 17:49 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-20 17:49 . 2013-11-20 17:49 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-20 17:49 . 2013-11-20 17:49 81408 ----a-w- c:\windows\system32\icardie.dll 2013-11-20 17:49 . 2013-11-20 17:49 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-20 17:49 . 2013-11-20 17:49 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-11-20 17:49 . 2013-11-20 17:49 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-11-20 17:49 . 2013-11-20 17:49 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-11-20 17:49 . 2013-11-20 17:49 413696 ----a-w- c:\windows\system32\html.iec 2013-11-20 17:49 . 2013-11-20 17:49 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-11-20 17:49 . 
2013-11-20 17:49 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-20 17:49 . 2013-11-20 17:49 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-20 17:49 . 2013-11-20 17:49 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-20 17:49 . 2013-11-20 17:49 235520 ----a-w- c:\windows\system32\url.dll
2013-11-20 17:49 . 2013-11-20 17:49 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-20 17:49 . 2013-11-20 17:49 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-20 17:49 . 2013-11-20 17:49 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-20 17:49 . 2013-11-20 17:49 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-20 17:49 . 2013-11-20 17:49 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-20 17:49 . 2013-11-20 17:49 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-20 17:49 . 2013-11-20 17:49 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-20 17:49 . 2013-11-20 17:49 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-20 17:49 . 2013-11-20 17:49 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-20 17:49 . 2013-11-20 17:49 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-20 17:49 . 2013-11-20 17:49 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-07 00:52 . 2013-11-07 00:52 279000 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-11-07 00:52 . 2013-11-07 00:52 515544 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-11-07 00:52 . 2013-11-07 00:52 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-11-07 00:52 . 2013-11-07 00:52 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-11-07 00:52 . 2013-11-07 00:52 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2013-11-07 00:52 . 2013-11-07 00:52 171992 ----a-w- c:\windows\system32\igfxtray.exe
2013-11-07 00:52 . 2013-11-07 00:52 116224 ----a-w- c:\windows\system32\igfxCoIn_v3347.dll
2013-11-07 00:52 . 2012-02-14 17:57 64000 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-11-07 00:52 . 2013-11-07 00:52 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2013-11-07 00:52 . 2013-11-07 00:52 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-11-07 00:52 . 2013-11-07 00:52 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-11-07 00:52 . 2013-11-07 00:52 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-11-07 00:52 . 2013-11-07 00:52 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-11-07 00:52 . 2013-11-07 00:52 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-11-07 00:52 . 2013-11-07 00:52 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2013-11-07 00:52 . 2013-11-07 00:52 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-11-07 00:52 . 2013-11-07 00:52 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-11-07 00:52 . 2013-11-07 00:52 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-11-07 00:52 . 2013-11-07 00:52 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-11-07 00:52 . 2013-11-07 00:52 384512 ----a-w- c:\windows\system32\igfxpph.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\Basti\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-10 1243656]
.
c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-18 30714312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-25 10:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Basti\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\
FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/search....0|about:newtab
FF - ExtSQL: 2013-12-21 18:00; {1766c545-cec8-4a4d-a869-a22153bec7a3}; c:\program files (x86)\Re-markit\150.xpi
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 67588427
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0AtD0BtA0C0C0C0CyBtB0B0F0E0F0FzytN0D0Tzu0CyBtAyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu1G2Z1S
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{4d5c5a63-c98f-4693-a3dc-5cf708212045} - c:\program files (x86)\Re-markit\150.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-VIS - c:\users\Basti\AppData\Roaming\Windows Net Data\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-05 13:22:07
ComboFix-quarantined-files.txt 2014-01-05 12:22
.
Vor Suchlauf: 11 Verzeichnis(se), 225.131.421.696 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 224.883.195.904 Bytes frei
.
- - End Of File - - E85683E43CFECFF6A3456391310EB265
|
06.01.2014, 12:36 | #4 |
/// the machine /// TB-Ausbilder | ADWARE/InstallCore.Gen back again
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
06.01.2014, 15:52 | #5 |
| ADWARE/InstallCore.Gen back again Hello, here are the logs: 1. Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Basti :: HP [Administrator]

Schutz: Aktiviert

06.01.2014 15:00:22
mbam-log-2014-01-06 (15-00-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213163
Laufzeit: 10 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Basti\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 5
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d5c5a63-c98f-4693-a3dc-5cf708212045} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4d5c5a63-c98f-4693-a3dc-5cf708212045} (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Basti\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: zr2X2X1G1S1F2V1S2Q0V -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Löschen bei Neustart.
C:\Users\Basti\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 12
C:\Users\Basti\Downloads\VideoConverterSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\99dca.msi (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart.
C:\Users\Basti\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.016 - Bericht erstellt am 06/01/2014 um 15:25:50
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Basti - HP
# Gestartet von : C:\Users\Basti\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Basti\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Basti\Documents\Mobogenie
Datei Gelöscht : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\NCH Software

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\prefs.js ]

Zeile gelöscht : user_pref("CT3317893.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1435dd899543e4325a1b2676a4cbe446");

*************************

AdwCleaner[R0].txt - [2351 octets] - [06/01/2014 15:22:53]
AdwCleaner[S0].txt - [2079 octets] - [06/01/2014 15:25:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2139 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Basti on 06.01.2014 at 15:31:08,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\y0btifz5.default\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.01.2014 at 15:41:52,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Basti (administrator) on HP on 06-01-2014 15:43:36
Running from C:\Users\Basti\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default
FF Homepage: http://www.trojaner-board.de/search....0|about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Basti\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CookieCuller - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-06 15:43 - 2014-01-06 15:43 - 00014441 _____ C:\Users\Basti\Desktop\FRST.txt
2014-01-06 15:43 - 2014-01-06 15:43 - 00000000 ____D C:\Users\Basti\Desktop\FRST-OlderVersion
2014-01-06 15:41 - 2014-01-06 15:41 - 00000756 _____ C:\Users\Basti\Desktop\JRT.txt
2014-01-06 15:30 - 2014-01-06 15:30 - 01036305 _____ (Thisisu) C:\Users\Basti\Desktop\JRT.exe
2014-01-06 15:21 - 2014-01-06 15:26 - 00000000 ____D C:\AdwCleaner
2014-01-06 15:20 - 2014-01-06 15:20 - 01233962 _____ C:\Users\Basti\Desktop\adwcleaner.exe
2014-01-06 14:58 - 2014-01-06 14:58 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-06 14:58 - 2014-01-06 14:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-06 14:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-06 14:56 - 2014-01-06 14:56 - 10285040 _____ (Malwarebytes Corporation )
C:\Users\Basti\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-05 14:49 - 2014-01-05 14:49 - 00001112 _____ C:\Users\Basti\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-01-05 13:22 - 2014-01-05 13:22 - 00027284 _____ C:\ComboFix.txt 2014-01-05 12:31 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-05 12:31 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-05 12:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-05 12:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-05 12:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-05 12:31 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-05 12:31 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-05 12:31 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-05 12:30 - 2014-01-05 13:22 - 00000000 ____D C:\Qoobox 2014-01-05 12:30 - 2014-01-05 13:19 - 00000000 ____D C:\Windows\erdnt 2014-01-05 12:29 - 2014-01-05 12:30 - 05160001 ____R (Swearware) C:\Users\Basti\Downloads\ComboFix.exe 2014-01-04 20:32 - 2014-01-04 20:32 - 00279968 _____ C:\Windows\Minidump\010414-18798-01.dmp 2014-01-04 19:30 - 2014-01-04 19:30 - 00377856 _____ C:\Users\Basti\Desktop\gmer_2.1.19163(1).exe 2014-01-04 19:25 - 2014-01-04 19:26 - 00024484 _____ C:\Users\Basti\Downloads\Addition.txt 2014-01-04 19:24 - 2014-01-04 19:26 - 00045706 _____ C:\Users\Basti\Downloads\FRST.txt 2014-01-04 19:23 - 2014-01-06 15:43 - 01931762 _____ (Farbar) C:\Users\Basti\Desktop\FRST64.exe 2014-01-04 19:23 - 2014-01-06 15:43 - 00000000 ____D C:\FRST 2014-01-04 19:21 - 2014-01-06 15:14 - 00000000 ____D C:\Users\Basti\Desktop\trojaner 2014-01-04 19:20 - 2014-01-04 19:20 - 00000000 _____ C:\Users\Basti\defogger_reenable 2014-01-04 19:19 - 2014-01-04 19:19 - 00050477 _____ C:\Users\Basti\Desktop\Defogger.exe 2014-01-04 17:21 - 2014-01-05 14:25 - 00000105 _____ C:\Users\Basti\AppData\Roaming\WB.CFG 2014-01-04 17:21 - 2014-01-05 14:25 - 
00000005 _____ C:\Users\Basti\AppData\Roaming\WBPU-TTL.DAT 2014-01-04 17:01 - 2014-01-04 19:54 - 00000000 ____D C:\Program Files (x86)\Google 2014-01-04 17:01 - 2014-01-04 19:53 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2014-01-04 16:51 - 2014-01-04 16:51 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94.exe 2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\Users\Basti\Downloads\m4a-to80-mp3-converter.exe 2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\VideoConverter 2014-01-04 15:37 - 2014-01-04 16:06 - 00000000 ____D C:\Users\Basti\Desktop\stik 2014-01-03 10:04 - 2014-01-03 10:04 - 00000000 ____D C:\Users\Basti\AppData\Roaming\OpenOffice 2013-12-27 20:52 - 2013-12-27 20:52 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-12-27 20:47 - 2013-12-27 20:47 - 00000885 _____ C:\Users\Basti\Desktop\Jagged Alliance 2.lnk 2013-12-27 20:47 - 2013-12-27 20:47 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagged Alliance 2 2013-12-27 20:44 - 2013-12-27 20:51 - 00000000 ____D C:\Program Files (x86)\Ja2 2013-12-26 10:04 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\Windows\system32\CNMLMAT.DLL 2013-12-26 09:47 - 2013-12-26 09:47 - 00000000 ____D C:\Users\Basti\AppData\Local\Tracker Software 2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:29 - 2013-12-25 11:29 - 30694824 _____ (Oracle Corporation) C:\Users\Basti\Downloads\jre-7u45-windows-x64.exe 2013-12-25 11:21 - 2013-12-25 11:21 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Users\Basti\AppData\Local\Secunia PSI 2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-12-25 11:08 - 2013-12-25 11:09 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup_3.0.0.9016.exe 2013-12-25 11:04 - 2014-01-06 15:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-25 11:04 - 2013-12-25 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-25 11:04 - 2013-12-25 11:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-25 11:04 - 2013-12-25 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-25 10:59 - 2013-12-25 10:59 - 00001200 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk 2013-12-25 10:58 - 2013-12-25 10:59 - 00000000 ____D C:\Program Files\Tracker Software (Adobereader alternative) 2013-12-25 10:56 - 
2013-12-25 10:56 - 16530904 _____ (Tracker Software Products Ltd ) C:\Users\Basti\Downloads\PDFXVwer_252131.exe 2013-12-25 10:49 - 2013-12-25 10:49 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup.exe 2013-12-25 10:38 - 2014-01-04 20:32 - 472395041 _____ C:\Windows\MEMORY.DMP 2013-12-25 10:38 - 2014-01-04 20:32 - 00000000 ____D C:\Windows\Minidump 2013-12-25 10:38 - 2013-12-25 10:38 - 00279968 _____ C:\Windows\Minidump\122513-56550-01.dmp 2013-12-25 10:24 - 2013-12-25 10:25 - 00001693 _____ C:\DelFix.txt 2013-12-24 16:56 - 2013-12-24 16:56 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Malwarebytes 2013-12-23 18:25 - 2013-12-25 10:24 - 00000000 ____D C:\Windows\ERUNT 2013-12-23 16:08 - 2013-12-24 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-23 16:08 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 14:06 - 2013-12-23 14:06 - 00377856 _____ C:\Users\Basti\Downloads\gmer_2.1.19163.exe 2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\AuthLog 2013-12-23 13:17 - 2014-01-04 19:17 - 00000000 ____D C:\Users\Basti\AppData\Local\genienext 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\cache 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\.android 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt 2013-12-23 13:15 - 2014-01-06 15:12 - 00000000 ____D C:\Users\Basti\AppData\Roaming\DigitalSites 2013-12-23 13:15 - 2014-01-04 19:16 - 00003220 _____ C:\Windows\System32\Tasks\Digital Sites 2013-12-21 21:37 - 2013-12-21 21:37 - 00000000 _____ C:\autoexec.bat 2013-12-21 21:34 - 2013-12-21 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-15 19:59 - 2013-12-16 18:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-13 08:18 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-13 08:18 - 2013-05-10 06:56 - 12625920 _____ (Microsoft 
Corporation) C:\Windows\system32\wmploc.DLL 2013-12-13 08:18 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-13 08:18 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-13 08:16 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 08:16 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 08:16 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-13 08:16 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-13 08:16 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-13 08:16 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 08:16 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 08:16 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-13 08:16 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-13 08:16 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 08:16 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 08:16 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-13 08:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-13 08:16 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-13 08:16 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-13 08:16 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2013-12-13 08:16 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-13 08:16 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-13 08:16 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-13 08:16 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 08:16 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-13 08:16 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-13 08:16 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 08:16 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 08:16 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-13 08:16 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-13 08:16 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-13 08:16 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-13 08:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-13 08:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 08:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 18:34 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 18:34 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 18:34 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 
2013-12-12 18:34 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 18:34 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 18:34 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 18:34 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 18:34 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 18:34 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 18:34 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 18:34 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 18:34 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 18:34 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 18:34 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 18:34 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 18:34 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 18:34 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 18:34 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 18:34 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 22:29 - 2013-12-10 22:36 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP ==================== One Month Modified Files and Folders ======= 2014-01-06 15:44 - 2014-01-06 15:43 - 00014441 _____ C:\Users\Basti\Desktop\FRST.txt 
2014-01-06 15:43 - 2014-01-06 15:43 - 00000000 ____D C:\Users\Basti\Desktop\FRST-OlderVersion 2014-01-06 15:43 - 2014-01-04 19:23 - 01931762 _____ (Farbar) C:\Users\Basti\Desktop\FRST64.exe 2014-01-06 15:43 - 2014-01-04 19:23 - 00000000 ____D C:\FRST 2014-01-06 15:41 - 2014-01-06 15:41 - 00000756 _____ C:\Users\Basti\Desktop\JRT.txt 2014-01-06 15:35 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-06 15:35 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-06 15:32 - 2012-11-01 09:00 - 01678203 _____ C:\Windows\WindowsUpdate.log 2014-01-06 15:30 - 2014-01-06 15:30 - 01036305 _____ (Thisisu) C:\Users\Basti\Desktop\JRT.exe 2014-01-06 15:27 - 2013-06-22 19:39 - 00000000 ___RD C:\Users\Basti\Dropbox 2014-01-06 15:27 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Dropbox 2014-01-06 15:26 - 2014-01-06 15:21 - 00000000 ____D C:\AdwCleaner 2014-01-06 15:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-06 15:26 - 2009-07-14 05:51 - 00101144 _____ C:\Windows\setupact.log 2014-01-06 15:20 - 2014-01-06 15:20 - 01233962 _____ C:\Users\Basti\Desktop\adwcleaner.exe 2014-01-06 15:14 - 2014-01-04 19:21 - 00000000 ____D C:\Users\Basti\Desktop\trojaner 2014-01-06 15:14 - 2013-12-25 11:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-06 15:14 - 2010-11-21 04:47 - 00667860 _____ C:\Windows\PFRO.log 2014-01-06 15:12 - 2013-12-23 13:15 - 00000000 ____D C:\Users\Basti\AppData\Roaming\DigitalSites 2014-01-06 14:58 - 2014-01-06 14:58 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-06 14:58 - 2014-01-06 14:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-06 14:56 - 2014-01-06 14:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Basti\Desktop\mbam-setup-1.75.0.1300.exe 
2014-01-05 21:36 - 2013-05-01 11:06 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{965606AF-5B0A-4D2E-A70A-F1CFFCD8E5C2} 2014-01-05 16:37 - 2012-11-01 11:08 - 00000000 ____D C:\Users\Basti\AppData\Roaming\SoftGrid Client 2014-01-05 14:49 - 2014-01-05 14:49 - 00001112 _____ C:\Users\Basti\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-01-05 14:26 - 2012-03-15 06:32 - 00700134 _____ C:\Windows\system32\perfh007.dat 2014-01-05 14:26 - 2012-03-15 06:32 - 00149984 _____ C:\Windows\system32\perfc007.dat 2014-01-05 14:26 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-05 14:25 - 2014-01-04 17:21 - 00000105 _____ C:\Users\Basti\AppData\Roaming\WB.CFG 2014-01-05 14:25 - 2014-01-04 17:21 - 00000005 _____ C:\Users\Basti\AppData\Roaming\WBPU-TTL.DAT 2014-01-05 13:22 - 2014-01-05 13:22 - 00027284 _____ C:\ComboFix.txt 2014-01-05 13:22 - 2014-01-05 12:30 - 00000000 ____D C:\Qoobox 2014-01-05 13:19 - 2014-01-05 12:30 - 00000000 ____D C:\Windows\erdnt 2014-01-05 13:18 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2014-01-05 12:30 - 2014-01-05 12:29 - 05160001 ____R (Swearware) C:\Users\Basti\Downloads\ComboFix.exe 2014-01-05 12:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-04 20:32 - 2014-01-04 20:32 - 00279968 _____ C:\Windows\Minidump\010414-18798-01.dmp 2014-01-04 20:32 - 2013-12-25 10:38 - 472395041 _____ C:\Windows\MEMORY.DMP 2014-01-04 20:32 - 2013-12-25 10:38 - 00000000 ____D C:\Windows\Minidump 2014-01-04 20:03 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-04 19:54 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\Google 2014-01-04 19:54 - 2013-10-31 20:15 - 00000000 ____D C:\Users\Basti\AppData\Local\Google 2014-01-04 19:53 - 2014-01-04 17:01 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2014-01-04 19:30 - 2014-01-04 19:30 - 00377856 _____ C:\Users\Basti\Desktop\gmer_2.1.19163(1).exe 2014-01-04 19:26 - 2014-01-04 19:25 - 00024484 
_____ C:\Users\Basti\Downloads\Addition.txt 2014-01-04 19:26 - 2014-01-04 19:24 - 00045706 _____ C:\Users\Basti\Downloads\FRST.txt 2014-01-04 19:20 - 2014-01-04 19:20 - 00000000 _____ C:\Users\Basti\defogger_reenable 2014-01-04 19:20 - 2012-11-01 10:54 - 00000000 ____D C:\Users\Basti 2014-01-04 19:19 - 2014-01-04 19:19 - 00050477 _____ C:\Users\Basti\Desktop\Defogger.exe 2014-01-04 19:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\genienext 2014-01-04 19:16 - 2013-12-23 13:15 - 00003220 _____ C:\Windows\System32\Tasks\Digital Sites 2014-01-04 16:51 - 2014-01-04 16:51 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94.exe 2014-01-04 16:47 - 2013-10-31 20:17 - 00000000 ____D C:\Users\Basti\AppData\Roaming\vlc 2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\Users\Basti\Downloads\m4a-to80-mp3-converter.exe 2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\VideoConverter 2014-01-04 16:06 - 2014-01-04 15:37 - 00000000 ____D C:\Users\Basti\Desktop\stik 2014-01-03 10:04 - 2014-01-03 10:04 - 00000000 ____D C:\Users\Basti\AppData\Roaming\OpenOffice 2014-01-03 09:24 - 2012-11-03 12:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log 2013-12-28 18:10 - 2013-01-25 18:49 - 00000000 ____D C:\Users\Basti\AppData\Local\CrashDumps 2013-12-27 20:52 - 2013-12-27 20:52 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-12-27 20:51 - 2013-12-27 20:44 - 00000000 ____D C:\Program Files (x86)\Ja2 2013-12-27 20:47 - 2013-12-27 20:47 - 00000885 _____ C:\Users\Basti\Desktop\Jagged Alliance 2.lnk 2013-12-27 20:47 - 2013-12-27 20:47 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagged Alliance 2 2013-12-26 09:59 - 2012-11-01 11:08 - 01596516 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-26 09:47 - 2013-12-26 09:47 - 00000000 ____D C:\Users\Basti\AppData\Local\Tracker Software 2013-12-25 22:19 - 2013-10-31 20:16 - 
00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-12-25 14:12 - 2012-11-01 11:18 - 00064024 _____ C:\Users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-25 14:11 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:30 - 2013-12-25 11:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:29 - 2013-12-25 11:29 - 30694824 _____ (Oracle Corporation) C:\Users\Basti\Downloads\jre-7u45-windows-x64.exe 2013-12-25 11:21 - 2013-12-25 11:21 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-12-25 11:18 - 2012-11-01 10:58 - 00000000 ___RD C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Users\Basti\AppData\Local\Secunia PSI 2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-12-25 11:09 - 2013-12-25 11:08 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup_3.0.0.9016.exe 2013-12-25 11:04 - 2013-12-25 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-25 11:04 - 2013-12-25 11:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-25 11:04 - 2013-12-25 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-25 11:04 - 2012-12-27 10:49 - 00000000 ____D 
C:\Users\Basti\AppData\Local\Adobe 2013-12-25 10:59 - 2013-12-25 10:59 - 00001200 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk 2013-12-25 10:59 - 2013-12-25 10:58 - 00000000 ____D C:\Program Files\Tracker Software (Adobereader alternative) 2013-12-25 10:56 - 2013-12-25 10:56 - 16530904 _____ (Tracker Software Products Ltd ) C:\Users\Basti\Downloads\PDFXVwer_252131.exe 2013-12-25 10:54 - 2012-03-14 22:29 - 00000000 ____D C:\ProgramData\Adobe 2013-12-25 10:49 - 2013-12-25 10:49 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup.exe 2013-12-25 10:38 - 2013-12-25 10:38 - 00279968 _____ C:\Windows\Minidump\122513-56550-01.dmp 2013-12-25 10:25 - 2013-12-25 10:24 - 00001693 _____ C:\DelFix.txt 2013-12-25 10:24 - 2013-12-23 18:25 - 00000000 ____D C:\Windows\ERUNT 2013-12-24 17:37 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-12-24 16:56 - 2013-12-24 16:56 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Malwarebytes 2013-12-23 18:15 - 2012-11-01 10:58 - 00000995 _____ C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-23 16:08 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-23 14:06 - 2013-12-23 14:06 - 00377856 _____ C:\Users\Basti\Downloads\gmer_2.1.19163.exe 2013-12-23 13:42 - 2012-03-14 22:24 - 00000000 ____D C:\ProgramData\Skype 2013-12-23 13:36 - 2013-01-05 17:06 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Skype 2013-12-23 13:33 - 2013-05-09 20:05 - 00000000 ____D C:\Program Files (x86)\ACR 2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\AuthLog 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\cache 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\.android 2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt 2013-12-22 09:15 - 2012-11-03 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 21:37 - 2013-12-21 21:37 
- 00000000 _____ C:\autoexec.bat 2013-12-21 21:35 - 2013-12-21 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 17:47 - 2013-06-22 19:39 - 00000979 _____ C:\Users\Basti\Desktop\Dropbox.lnk 2013-12-19 17:47 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-12-18 20:52 - 2013-05-07 18:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 20:52 - 2013-03-31 12:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 20:52 - 2013-03-31 12:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-16 18:09 - 2013-12-15 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-14 15:52 - 2013-08-16 14:09 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 15:50 - 2012-11-03 13:12 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 13:37 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-10 22:36 - 2013-12-10 22:29 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP Some content of TEMP: ==================== C:\Users\Basti\AppData\Local\Temp\avgnt.exe C:\Users\Basti\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-25 10:18
==================== End Of Log ============================
Good luck studying for your degree. Regards |
07.01.2014, 10:03 | #6 |
/// the machine /// TB-Ausbilder | ADWARE/InstallCore.Gen back again
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still any problems?
07.01.2014, 22:37 | #7 |
| ADWARE/InstallCore.Gen back again
A quiet night to you.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8f3d8d36ff9cf843b997acd4931498f6
# engine=16550
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-07 09:19:05
# local_time=2014-01-07 10:19:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 23693 254552835 16453 0
# compatibility_mode=5893 16776573 100 94 20600 140759395 0 0
# scanned=135123
# found=0
# cleaned=0
# scan_time=13301
Code:
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.170
Mozilla Firefox (26.0)
Mozilla Thunderbird (24.2.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Basti (administrator) on HP on 07-01-2014 22:28:41
Running from C:\Users\Basti\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt 2013-12-22 09:15 - 2012-11-03 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 21:37 - 2013-12-21 21:37 - 00000000 _____ C:\autoexec.bat 2013-12-21 21:35 - 2013-12-21 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-19 17:47 - 2013-06-22 19:39 - 00000979 _____ C:\Users\Basti\Desktop\Dropbox.lnk 2013-12-19 17:47 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-12-18 20:52 - 2013-05-07 18:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 20:52 - 2013-03-31 12:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 20:52 - 2013-03-31 12:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-16 18:09 - 2013-12-15 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-12-14 15:52 - 2013-08-16 14:09 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 15:50 - 2012-11-03 13:12 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 13:37 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-10 22:36 - 2013-12-10 22:29 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP Some content of TEMP: ==================== C:\Users\Basti\AppData\Local\Temp\avgnt.exe C:\Users\Basti\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => 
MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-07 17:25 ==================== End Of Log ============================ Viele Grüße |
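A small triage helper for listings like the one above, added here as an example; it is not part of the original post and not FRST's own code. It splits a run-together FRST file listing back into entries and flags recently changed binaries in user-writable folders and new scheduled tasks for an analyst to review. The field layout (two timestamps, size, five attribute flags, optional publisher, path) and the watched folders are assumptions drawn from the visible entries; the scan time is the one in the FRST header.

```python
import re
from datetime import datetime, timedelta

# One FRST listing entry as seen in the log above. Field meaning is inferred
# from the visible entries (assumption), not taken from FRST documentation.
ENTRY_RE = re.compile(
    r"(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*?)"
    r"(?=\s+\d{4}-\d\d-\d\d \d\d:\d\d - |\s*$)",   # path ends where the next entry begins
    re.M,
)

# User-writable locations where downloaded installers and bundled adware land (assumption).
WATCH_DIRS = ("\\Downloads\\", "\\Desktop\\", "\\AppData\\Local\\", "\\AppData\\Roaming\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

def parse_entries(text):
    """Parse an FRST listing, even one whose entries were run onto a single line."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "ts1": datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M"),
            "ts2": datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "is_dir": "D" in m["attrs"],
            "company": (m["company"] or "").strip() or None,
            "path": m["path"],
        })
    return entries

def flag_for_review(entries, run_time, days=7):
    """Return entries changed within `days` of the scan that are binaries in
    user-writable folders or scheduled tasks. This is a review list, not a
    verdict: legitimate tools saved to the Desktop show up here as well."""
    cutoff = run_time - timedelta(days=days)
    hits = []
    for e in entries:
        if e["ts1"] < cutoff or e["is_dir"]:
            continue
        is_task = "\\System32\\Tasks\\" in e["path"]
        dropped_binary = (e["path"].lower().endswith(BINARY_EXT)
                          and any(d in e["path"] for d in WATCH_DIRS))
        if is_task or dropped_binary:
            hits.append(e)
    return hits

# Constructed sample: five entries copied from the log above, run together as
# the forum rendered them. RUN_TIME is the scan time from the FRST header.
SAMPLE = ("2014-01-04 19:30 - 2014-01-04 19:30 - 00377856 _____ C:\\Users\\Basti\\Desktop\\gmer_2.1.19163(1).exe "
          "2014-01-04 19:16 - 2013-12-23 13:15 - 00003220 _____ C:\\Windows\\System32\\Tasks\\Digital Sites "
          "2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\\Users\\Basti\\Downloads\\m4a-to80-mp3-converter.exe "
          "2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\\Program Files (x86)\\VideoConverter "
          "2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\\Windows\\system32\\javaws.exe")
RUN_TIME = datetime(2014, 1, 4, 19, 24)

if __name__ == "__main__":
    for e in flag_for_review(parse_entries(SAMPLE), RUN_TIME):
        print(e["ts1"], e["company"] or "-", e["path"])
```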
08.01.2014, 12:08 | #8 |
/// the machine /// TB-Ausbilder | ADWARE/InstallCore.Gen back again Done. The order is decisive here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.01.2014, 12:59 | #9 |
| ADWARE/InstallCore.Gen back again Hello Schrauber, I have done everything. Unfortunately WinPatrol will not open. When I wanted to download and run TFC, a blue screen appeared saying that the computer had been shut down to prevent "damage". I uninstalled both programs. WOT did not work either. Otherwise everything is fine and I thank you very much. A small donation already went to you in December. All the best to you. You are doing a great job here |
09.01.2014, 10:51 | #10 |
/// the machine /// TB-Ausbilder | ADWARE/InstallCore.Gen back again You're welcome
|