
Pests of all kinds and how to fight them: SoftwareUpdater.Ui.exe


12.01.2014, 12:36   #1
lonelyplanet

SoftwareUpdater.Ui.exe



For three days Avast has been warning me at every system start about the following file: SoftwareUpdater.Ui.exe.

I also scanned the PC with other programs: Malwarebytes found no threat, and on VirusTotal (online scan) 3 of 48 see a threat in the file.

Code:
 Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
M&M&M :: ALIENWARE [Administrator]

12.01.2014 11:29:07
mbam-log-2014-01-12 (11-29-07).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Program Files (x86)\SoftwareUpdater|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 6
Laufzeit: 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 
Avast 	Win32:Dropper-gen [Drp] 	20140112
DrWeb 	Trojan.DownLoader10.60277 	20140112
VIPRE 	Corrupted File (v) 	20140112
         
Here is the FRST log as well:

Code:
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05
Ran by M&M&M (administrator) on ALIENWARE on 12-01-2014 10:48:45
Running from E:\Users\M&M&M\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Avast Antivirus\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Barracuda Networks, Inc.) C:\Users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Dropbox, Inc.) C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(AVAST Software) C:\Program Files\Avast Antivirus\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2012-02-21] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-19] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Avast Antivirus\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Programme\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Copy] - C:\Users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe [15501456 2014-01-06] (Barracuda Networks, Inc.)
MountPoints2: {c06ea6cd-5a8a-11e2-8093-806e6f6e6963} - F:\autoRcd.exe
Startup: C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA4722AAD7FEFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast Antivirus\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast Antivirus\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9CDFBA31-E683-4CFE-A137-1793DC61945A}: [NameServer]141.78.7.250,141.78.7.200

FireFox:
========
FF ProfilePath: C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - E:\Programme\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - E:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\M&M&M\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\Extensions\foxmarks@kei.com [2014-01-12]
FF Extension: ProxTube - Unblock YouTube - C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\Extensions\ich@maltegoetz.de [2013-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast Antivirus\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast Antivirus\WebRep\FF [2013-09-25]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (iTunes Application Detector) - E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-07-02]
CHR Extension: (Google Drive) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-07-02]
CHR Extension: (YouTube) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-07-02]
CHR Extension: (Google Search) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-07-02]
CHR Extension: (APK Downloader) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\johbbanbdddngnjkcemcdnplpobhccdd\1.2.1_0 [2013-07-02]
CHR Extension: (Google Wallet) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26]
CHR Extension: (Citavi Picker) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.5.30_0 [2013-09-25]
CHR Extension: (Gmail) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast Antivirus\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-08-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast Antivirus\AvastSvc.exe [50344 2014-01-06] (AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [247328 2013-01-02] (CyberLink)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-27] (Creative Technology Ltd)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [50688 2009-11-15] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [948224 2009-11-15] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [690688 2009-11-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\Programme\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-01-11] ()
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-01-12] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-06] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-17] (Glarysoft Ltd)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-27] (Creative Technology Ltd)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-18] (DT Soft Ltd)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S3 vdrive; system32\DRIVERS\vdrive.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 10:48 - 2014-01-12 10:48 - 00000000 ____D C:\FRST
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 09:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 08:19 - 2014-01-09 08:19 - 00285360 _____ C:\Windows\Minidump\010914-13072-01.dmp
2014-01-06 16:47 - 2014-01-06 16:48 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-28 08:59 - 2013-12-28 09:05 - 00000000 ____D C:\Program Files\ShrewSoft
2013-12-28 08:40 - 2013-12-28 08:40 - 00003244 _____ C:\Windows\System32\Tasks\{8C82C656-A00A-4386-8070-97B345C05E57}
2013-12-27 15:01 - 2014-01-12 10:45 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Copy
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2013-12-26 16:48 - 2013-12-26 16:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 16:47 - 2013-12-26 16:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 16:47 - 2013-12-26 16:47 - 00000000 ____D C:\ProgramData\Sun
2013-12-25 17:52 - 2014-01-07 12:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 17:53 - 2013-12-21 17:53 - 00000000 ____D C:\ProgramData\OO Software
2013-12-20 20:10 - 2014-01-12 10:46 - 00000314 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2013-12-20 20:10 - 2013-12-20 20:10 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-20 20:10 - 2013-12-17 05:35 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-20 20:10 - 2013-12-17 05:05 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-12-20 10:38 - 2013-12-20 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 08:48 - 2013-12-19 08:48 - 00000000 ____D C:\Users\M&M&M\AppData\Local\SoftwareUpdater
2013-12-15 09:12 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-15 09:12 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-15 09:12 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-15 09:12 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-15 09:11 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-15 09:11 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-15 09:11 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-15 09:11 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-15 09:11 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-15 09:11 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-15 09:11 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-15 09:11 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-15 09:11 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-15 09:11 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-15 09:11 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-15 09:11 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-15 09:11 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-15 09:11 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-15 09:11 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-15 09:11 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-15 09:11 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-15 09:11 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-15 09:11 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-15 09:11 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-15 09:11 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-15 09:11 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-15 09:11 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-15 09:11 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-15 09:11 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-15 09:11 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-15 09:11 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-15 09:11 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-15 09:11 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-15 09:11 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-15 09:11 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 20:15 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 20:15 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 20:15 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 20:15 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 20:15 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 20:15 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 20:15 - 2013-10-30 01:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 20:15 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 20:15 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 20:15 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 20:15 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 20:15 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 20:15 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 20:15 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 20:15 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 20:15 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 20:15 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 20:15 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 20:15 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 17:04 - 2013-12-14 17:04 - 00001541 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iTunes
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iPod
2013-12-14 16:27 - 2013-12-15 09:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-01-12 10:48 - 2014-01-12 10:48 - 00000000 ____D C:\FRST
2014-01-12 10:48 - 2013-01-09 18:35 - 02024376 _____ C:\Windows\WindowsUpdate.log
2014-01-12 10:47 - 2013-07-20 08:26 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2014-01-12 10:47 - 2013-01-10 18:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 10:46 - 2013-12-20 20:10 - 00000314 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-12 10:45 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Copy
2014-01-12 10:45 - 2013-10-01 15:04 - 00078848 _____ C:\Windows\KMSEmulator.exe
2014-01-12 10:45 - 2013-07-01 18:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 10:45 - 2013-01-29 19:18 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Dropbox
2014-01-12 10:45 - 2013-01-13 17:35 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2014-01-12 10:45 - 2013-01-13 17:35 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-12 10:45 - 2013-01-13 17:35 - 00000216 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-12 10:45 - 2010-11-21 03:47 - 00359528 _____ C:\Windows\PFRO.log
2014-01-12 10:45 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 10:45 - 2009-07-14 04:51 - 07484964 _____ C:\Windows\setupact.log
2014-01-12 10:09 - 2013-07-01 18:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 09:52 - 2009-07-14 04:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 09:52 - 2009-07-14 04:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 09:51 - 2013-01-10 03:29 - 00710752 _____ C:\Windows\system32\perfh007.dat
2014-01-12 09:51 - 2013-01-10 03:29 - 00155050 _____ C:\Windows\system32\perfc007.dat
2014-01-12 09:51 - 2009-07-14 05:13 - 01651686 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 09:49 - 2013-07-20 08:26 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2014-01-10 11:53 - 2013-09-25 13:02 - 00000000 ____D C:\Program Files\Avast Antivirus
2014-01-10 11:52 - 2013-09-25 13:02 - 00003914 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-09 08:19 - 2014-01-09 08:19 - 00285360 _____ C:\Windows\Minidump\010914-13072-01.dmp
2014-01-09 08:19 - 2013-01-10 18:11 - 686003420 _____ C:\Windows\MEMORY.DMP
2014-01-09 08:19 - 2013-01-10 18:11 - 00000000 ____D C:\Windows\Minidump
2014-01-09 08:12 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-07 12:01 - 2013-12-25 17:52 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Skype
2014-01-06 16:48 - 2014-01-06 16:47 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-06 16:47 - 2013-09-25 13:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-05 17:51 - 2013-02-24 07:51 - 00000000 ____D C:\Users\M&M&M\AppData\Local\Turbine
2014-01-05 15:30 - 2013-01-10 18:26 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Adobe
2013-12-28 09:05 - 2013-12-28 08:59 - 00000000 ____D C:\Program Files\ShrewSoft
2013-12-28 08:40 - 2013-12-28 08:40 - 00003244 _____ C:\Windows\System32\Tasks\{8C82C656-A00A-4386-8070-97B345C05E57}
2013-12-28 08:34 - 2013-01-09 18:35 - 00000000 ____D C:\Users\M&M&M
2013-12-27 16:01 - 2013-01-09 21:01 - 01625966 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2013-12-26 16:48 - 2013-12-26 16:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 16:47 - 2013-12-26 16:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 16:47 - 2013-12-26 16:47 - 00000000 ____D C:\ProgramData\Sun
2013-12-26 09:44 - 2009-07-14 05:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 17:53 - 2013-12-21 17:53 - 00000000 ____D C:\ProgramData\OO Software
2013-12-20 20:11 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-20 20:10 - 2013-12-20 20:10 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-20 20:10 - 2013-10-30 08:19 - 00000000 ____D C:\ProgramData\GlarySoft
2013-12-20 20:10 - 2013-07-15 11:06 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\GlarySoft
2013-12-20 20:05 - 2013-01-09 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 20:05 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-20 10:38 - 2013-12-20 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 13:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-19 08:48 - 2013-12-19 08:48 - 00000000 ____D C:\Users\M&M&M\AppData\Local\SoftwareUpdater
2013-12-18 20:21 - 2013-10-18 18:29 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\vlc
2013-12-18 17:42 - 2013-02-23 22:08 - 00000000 ____D C:\Users\M&M&M\AppData\Local\PMB Files
2013-12-18 14:02 - 2013-01-11 09:27 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
2013-12-18 14:02 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-18 13:54 - 2013-01-09 18:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-17 05:35 - 2013-12-20 20:10 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-17 05:05 - 2013-12-20 20:10 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-12-15 09:28 - 2009-07-14 04:45 - 05065224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 09:11 - 2013-01-13 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-15 09:10 - 2013-08-12 10:33 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 09:09 - 2013-01-09 21:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 09:06 - 2013-12-14 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-14 17:04 - 2013-12-14 17:04 - 00001541 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iTunes
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iPod
2013-12-14 16:54 - 2013-01-10 19:28 - 00000000 ____D C:\Users\M&M&M\AppData\Local\Adobe
2013-12-14 16:54 - 2013-01-10 18:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 16:54 - 2013-01-10 18:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 16:54 - 2013-01-10 18:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 16:04 - 2013-07-01 18:18 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 16:04 - 2013-07-01 18:18 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 13:34

==================== End Of Log ============================
         
and

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2014 05
Ran by M&M&M at 2014-01-12 10:49:04
Running from E:\Users\M&M&M\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

„Der Herr der Ringe Online™“ v03.08.00.8025 (x32 Version: 03.08.00.8025 - Turbine, Inc.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS6 (x32 Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player (x32 Version: 10.2.0.22 - Adobe Systems, Inc.)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
AlienAutopsy (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware Command Center (x32 Version: 2.8.8.0 - Alienware Corp.)
Alienware On-Screen Display (x32 Version: 0.32.0.2C - )
Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.5 (x32 Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Assassin's Creed(R) III v1.06 (x32 Version: 1.06 - Ubisoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.8.8 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 2(TM) (x32 Version:  - )
Battlefield 2: Special Forces (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Citavi (x32 Version: 3.4.0.2 - Swiss Academic Software)
Copy (Version: 1.41.248.0 - Barracuda Networks, Inc.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.6523 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.6523 - CyberLink Corp.) Hidden
DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
DVDFab 9.0.5.5 (26/07/2013) (x32 Version:  - Fengtao Software Inc.)
EA.com Matchup (x32 Version:  - )
EA.com Update (x32 Version:  - )
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2 - FileZilla Project)
Free FLV Converter V 7.6.0 (x32 Version: 7.6.0.0 - Koyote Soft)
Free YouTube Download Manager (x32 Version: 1.0.0.27 - Freetec)
Free YouTube Download Manager (x32 Version: 1.0.0.27 - Freetec) Hidden
Glary Utilities 4.2 (x32 Version: 4.2.0.74 - Glarysoft Ltd)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Integrated Webcam Live! Central (x32 Version: 2.01.18 - Creative Technology Ltd)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version:  - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LifeScan USB Device Driver vSL2.0 (Driver Removal) (x32 Version:  - LifeScan Inc)
LogoMaker 3.0 (x32 Version:  - Studio V5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed(TM) Hot Pursuit (x32 Version: 1.0.0.0 - Electronic Arts)
NirSoft BlueScreenView (x32 Version:  - )
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PL-2303 USB-to-Serial (x32 Version: 1.3.0 - Prolific Technology INC)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0 - Rosetta Stone Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shrew Soft VPN Client (Version:  - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster Recon3Di (x32 Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (x32 Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.12.0018 - ST Microelectronics)
Synaptics Pointing Device Driver (Version: 16.0.2.0 - Synaptics Incorporated)
TechSmith Screen Codec 2 (x32 Version: 1.0.4.0 - TechSmith Corporation) Hidden
Turbo Lister 2 (x32 Version: 2.00.0000 - eBay Inc.)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
Uplay (x32 Version: 2.0 - Ubisoft)
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0607C223-AE54-4656-B165-D7384DD14D37} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {3A820E0E-5533-4EFA-94B5-F2CD4864DF5D} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-13] ()
Task: {3D1C11BC-CF3A-47D9-9626-53A6FC10B44F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4688720B-1C95-4F32-A5DC-E302B6AEE480} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] ()
Task: {487CDF91-71E9-4FA2-A4D1-43DA471E71F6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3223311984-1010959465-1201995320-1000
Task: {579868E9-8B5E-4395-8378-0687E4793B91} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast Antivirus\AvastEmUpdate.exe [2014-01-06] (AVAST Software)
Task: {705DA6C5-F55D-40FB-AF39-1B03F42ED331} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-13] ()
Task: {90F287D4-EBBF-472B-8FD8-75212AAC0C22} - System32\Tasks\GlaryInitialize 4 => E:\Programme\Glary Utilities 4\Initialize.exe [2013-12-17] (Glarysoft Ltd)
Task: {9D964588-6949-4BE3-B8FF-3EC97A144363} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {9DCCB594-1C1D-415A-8169-0D9051FF40B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {A5615082-3444-48A1-92E6-646E6D26A57F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {D1E4C2D9-6498-4A4C-9CCA-83D1BD1FB1DA} - System32\Tasks\DSite => C:\Users\M&amp;M&amp;M\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => E:\Programme\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-27 15:01 - 2014-01-07 13:56 - 08168448 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\overlay\Brt.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () E:\Programme\FileZilla FTP Client\fzshellext_64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-01-09 18:53 - 2012-02-14 08:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-23 13:48 - 2014-01-06 20:46 - 02158080 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\Gui.dll
2013-12-23 14:04 - 2014-01-06 20:46 - 08168448 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\Brt.dll
2013-12-23 13:50 - 2014-01-06 20:46 - 09062912 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\AgentSync.dll
2013-12-23 13:48 - 2014-01-06 20:46 - 05379072 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\CloudSync.dll
2014-01-12 08:29 - 2014-01-11 16:34 - 02153984 _____ () C:\Program Files\Avast Antivirus\defs\14011101\algo.dll
2014-01-12 10:46 - 2014-01-12 07:59 - 02153984 _____ () C:\Program Files\Avast Antivirus\defs\14011200\algo.dll
2012-11-28 13:13 - 2012-11-28 13:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 13:13 - 2012-11-28 13:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-18 10:07 - 2009-12-18 10:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\libcef.dll
2011-12-22 16:31 - 2011-12-22 16:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2013-10-23 09:18 - 2013-10-23 09:18 - 19336120 _____ () C:\Program Files\Avast Antivirus\libcef.dll
2013-12-20 10:38 - 2013-12-20 10:38 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-26 15:22 - 2013-05-23 05:17 - 00428032 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-14 16:47 - 2013-12-14 16:54 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2012-11-29 21:59 - 2012-11-29 21:59 - 00093696 _____ () E:\Programme\FileZilla FTP Client\fzshellext.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2013-01-09 20:54 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-09 18:50 - 2012-02-01 13:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2014 10:45:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 09:58:56 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/12/2014 09:58:32 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/12/2014 09:58:32 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/12/2014 09:45:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 08:28:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2014 10:09:52 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f50

Startzeit: 01cf0efcc9df0e05

Endzeit: 21

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 13eb2505-7b0d-11e3-b9ac-6036dd76d774

Error: (01/11/2014 06:38:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8958872

Error: (01/11/2014 06:38:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8958872

Error: (01/11/2014 06:38:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/12/2014 10:44:48 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/11/2014 10:09:17 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/11/2014 07:59:47 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (01/09/2014 08:19:50 AM) (Source: BugCheck) (User: )
Description: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80003094325)C:\Windows\MEMORY.DMP010914-13072-01

Error: (01/09/2014 08:19:49 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎01.‎2014 um 08:18:23 unerwartet heruntergefahren.

Error: (01/07/2014 10:37:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/07/2014 11:46:49 AM) (Source: BTHUSB) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:16:20:b9:cc:dc) ist fehlgeschlagen.

Error: (01/07/2014 11:45:48 AM) (Source: BTHUSB) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (00:16:20:b9:cc:dc) ist fehlgeschlagen.

Error: (01/06/2014 04:48:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/26/2013 11:38:04 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (01/12/2014 10:45:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 09:58:56 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exeC:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe24

Error: (01/12/2014 09:58:32 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exeC:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe24

Error: (01/12/2014 09:58:32 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exeC:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe24

Error: (01/12/2014 09:45:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2014 08:28:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2014 10:09:52 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087f5001cf0efcc9df0e0521C:\Program Files (x86)\Mozilla Firefox\firefox.exe13eb2505-7b0d-11e3-b9ac-6036dd76d774

Error: (01/11/2014 06:38:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8958872

Error: (01/11/2014 06:38:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8958872

Error: (01/11/2014 06:38:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-12-18 16:08:06.589
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Programme\Glary Utilities 3\ProcObsrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 16:08:06.531
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Programme\Glary Utilities 3\ProcObsrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 6026.36 MB
Available physical RAM: 3444.01 MB
Total Pagefile: 12050.89 MB
Available Pagefile: 9454.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:190.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HDD) (Fixed) (Total:456.98 GB) (Free:209.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 680FA396)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 802D14F7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Could someone perhaps help me with how to get this file off my system again?

Thanks
LP

12.01.2014, 13:05   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

12.01.2014, 16:01   #3
lonelyplanet

Code:
ATTFilter
ComboFix 14-01-08.03 - M&M&M 12.01.2014  14:49:21.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6026.2377 [GMT 0:00]
ausgeführt von:: e:\users\M&M&M\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Alienware
c:\programdata\Alienware\CommandCenter\AlienAdrenaline\Profiles.xml
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-12 bis 2014-01-12  ))))))))))))))))))))))))))))))
.
.
2014-01-12 14:53 . 2014-01-12 14:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-12 12:53 . 2014-01-12 12:53	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AC4E208-3651-4030-91FC-1737A32D9789}\offreg.dll
2014-01-12 10:55 . 2014-01-12 11:25	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-12 10:54 . 2014-01-12 11:04	89304	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-01-12 10:48 . 2014-01-12 10:48	--------	d-----w-	C:\FRST
2014-01-12 09:55 . 2014-01-12 09:55	--------	d-----w-	c:\users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 . 2014-01-12 09:55	--------	d-----w-	c:\programdata\Malwarebytes
2014-01-12 09:55 . 2013-04-04 14:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-01-10 11:52 . 2014-01-10 11:52	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2014-01-10 09:59 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AC4E208-3651-4030-91FC-1737A32D9789}\mpengine.dll
2014-01-06 16:47 . 2014-01-06 16:48	79672	----a-w-	c:\windows\system32\drivers\aswstm.sys
2013-12-28 08:59 . 2013-12-28 09:05	--------	d-----w-	c:\program files\ShrewSoft
2013-12-27 16:00 . 2013-12-27 16:00	--------	d-----w-	c:\windows\Migration
2013-12-27 15:01 . 2013-12-27 15:01	--------	d-sh--w-	c:\windows\SysWow64\AI_RecycleBin
2013-12-27 15:01 . 2014-01-12 12:25	--------	d-----w-	c:\users\M&M&M\AppData\Roaming\Copy
2013-12-26 16:48 . 2013-12-26 16:48	--------	d-----w-	c:\programdata\Oracle
2013-12-26 16:47 . 2013-12-26 16:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-12-26 16:47 . 2013-12-26 16:47	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-25 17:52 . 2014-01-07 12:01	--------	d-----w-	c:\users\M&M&M\AppData\Roaming\Skype
2013-12-25 17:52 . 2013-12-25 17:52	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-12-25 17:52 . 2013-12-25 17:52	--------	d-----r-	c:\program files (x86)\Skype
2013-12-25 17:52 . 2013-12-25 17:52	--------	d-----w-	c:\programdata\Skype
2013-12-21 17:53 . 2013-12-21 17:53	--------	d-----w-	c:\programdata\OO Software
2013-12-20 20:10 . 2013-12-17 05:35	117024	----a-w-	c:\windows\system32\BootDefrag.exe
2013-12-20 20:10 . 2013-12-17 05:05	17088	----a-w-	c:\windows\system32\drivers\BootDefragDriver.sys
2013-12-19 08:48 . 2013-12-19 08:48	--------	d-----w-	c:\users\M&M&M\AppData\Local\SoftwareUpdater
2013-12-18 16:08 . 2013-12-18 16:08	--------	d-----w-	c:\users\M&M&M\AppData\Roaming\Absolute Uninstaller
2013-12-15 09:12 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 09:12 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 09:12 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-15 09:12 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-15 09:12 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-14 20:15 . 2013-10-30 02:32	335360	----a-w-	c:\windows\system32\msieftp.dll
2013-12-14 17:04 . 2013-12-14 17:04	--------	d-----w-	c:\program files\iPod
2013-12-14 17:04 . 2013-12-14 17:04	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 17:04 . 2013-12-14 17:04	--------	d-----w-	c:\program files\iTunes
2013-12-14 16:27 . 2013-12-15 09:06	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-12 10:45 . 2013-10-01 15:04	78848	----a-w-	c:\windows\KMSEmulator.exe
2014-01-06 16:47 . 2013-09-25 13:02	422216	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-01-06 16:47 . 2013-09-25 13:02	78648	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-01-06 16:47 . 2013-09-25 13:02	334136	----a-w-	c:\windows\system32\aswBoot.exe
2014-01-06 16:47 . 2013-09-25 13:02	207904	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-01-06 16:47 . 2013-09-25 13:02	1034464	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-01-06 16:47 . 2013-09-25 13:02	43152	----a-w-	c:\windows\avastSS.scr
2013-12-15 09:09 . 2013-01-09 21:58	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-14 16:54 . 2013-01-10 18:26	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 16:54 . 2013-01-10 18:26	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 09:27 . 2013-11-28 09:27	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 09:27 . 2013-11-28 09:27	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-28 09:27 . 2013-11-28 09:27	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-11-28 09:27 . 2013-11-28 09:27	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-28 09:27 . 2013-11-28 09:27	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-11-28 09:27 . 2013-11-28 09:27	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 09:27 . 2013-11-28 09:27	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-11-28 09:27 . 2013-11-28 09:27	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-11-28 09:27 . 2013-11-28 09:27	81408	----a-w-	c:\windows\system32\icardie.dll
2013-11-28 09:27 . 2013-11-28 09:27	774144	----a-w-	c:\windows\system32\jscript.dll
2013-11-28 09:27 . 2013-11-28 09:27	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-11-28 09:27 . 2013-11-28 09:27	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-28 09:27 . 2013-11-28 09:27	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-28 09:27 . 2013-11-28 09:27	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-11-28 09:27 . 2013-11-28 09:27	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-11-28 09:27 . 2013-11-28 09:27	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-11-28 09:27 . 2013-11-28 09:27	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-11-28 09:27 . 2013-11-28 09:27	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-11-28 09:27 . 2013-11-28 09:27	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-11-28 09:27 . 2013-11-28 09:27	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-11-28 09:27 . 2013-11-28 09:27	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-11-28 09:27 . 2013-11-28 09:27	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-11-28 09:27 . 2013-11-28 09:27	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-11-28 09:27 . 2013-11-28 09:27	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-11-28 09:27 . 2013-11-28 09:27	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-11-28 09:27 . 2013-11-28 09:27	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-11-28 09:27 . 2013-11-28 09:27	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-11-28 09:27 . 2013-11-28 09:27	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-11-28 09:27 . 2013-11-28 09:27	413696	----a-w-	c:\windows\system32\html.iec
2013-11-28 09:27 . 2013-11-28 09:27	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 09:27 . 2013-11-28 09:27	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-11-28 09:27 . 2013-11-28 09:27	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-28 09:27 . 2013-11-28 09:27	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-11-28 09:27 . 2013-11-28 09:27	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-11-28 09:27 . 2013-11-28 09:27	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-11-28 09:27 . 2013-11-28 09:27	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-11-28 09:27 . 2013-11-28 09:27	247808	----a-w-	c:\windows\system32\msls31.dll
2013-11-28 09:27 . 2013-11-28 09:27	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-11-28 09:27 . 2013-11-28 09:27	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-11-28 09:27 . 2013-11-28 09:27	235520	----a-w-	c:\windows\system32\url.dll
2013-11-28 09:27 . 2013-11-28 09:27	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-11-28 09:27 . 2013-11-28 09:27	195584	----a-w-	c:\windows\system32\msrating.dll
2013-11-28 09:27 . 2013-11-28 09:27	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-11-28 09:27 . 2013-11-28 09:27	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-11-28 09:27 . 2013-11-28 09:27	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-11-28 09:27 . 2013-11-28 09:27	147968	----a-w-	c:\windows\system32\occache.dll
2013-11-28 09:27 . 2013-11-28 09:27	143872	----a-w-	c:\windows\system32\wextract.exe
2013-11-28 09:27 . 2013-11-28 09:27	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-11-28 09:27 . 2013-11-28 09:27	13824	----a-w-	c:\windows\system32\mshta.exe
2013-11-28 09:27 . 2013-11-28 09:27	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-28 09:27 . 2013-11-28 09:27	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-11-28 09:27 . 2013-11-28 09:27	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-11-28 09:27 . 2013-11-28 09:27	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-11-28 09:27 . 2013-11-28 09:27	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-11-28 09:27 . 2013-11-28 09:27	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-11-28 09:27 . 2013-11-28 09:27	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-11-28 09:27 . 2013-11-28 09:27	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-11-28 09:27 . 2013-11-28 09:27	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-11-28 09:27 . 2013-11-28 09:27	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-19 03:33 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-10-23 09:18 . 2013-09-25 13:02	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-10-23 09:18 . 2013-09-25 13:02	92544	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-10-14 18:00 . 2013-11-28 09:29	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 10:02	222832	----a-w-	c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 10:02	222832	----a-w-	c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 10:02	222832	----a-w-	c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"DAEMON Tools Lite"="e:\programme\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Copy"="c:\users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe" [2014-01-06 15501456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-12-01 1636208]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2011-12-21 880640]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-19 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AvastUI.exe"="c:\program files\Avast Antivirus\AvastUI.exe" [2014-01-06 3764024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"="c:\users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe" [2014-01-06 15501456]
.
c:\users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk * \0aswBoot.exe /M:1d66c44e /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/07/10 20:24;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 silabenm;LifeScan USB Device Driver vSL2.0 Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;LifeScan USB Device Driver vSL2.0 Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys;c:\windows\SYSNATIVE\DRIVERS\vdrive.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 16:05	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 16:54]
.
2014-01-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-01-13 17:35]
.
2014-01-12 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-01-13 17:35]
.
2014-01-12 c:\windows\Tasks\GlaryInitialize 4.job
- e:\programme\Glary Utilities 4\Initialize.exe [2013-12-17 05:32]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01 18:18]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01 18:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 10:02	261744	----a-w-	c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 10:02	261744	----a-w-	c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 10:02	261744	----a-w-	c:\users\M&M&M\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-06 16:47	287280	----a-w-	c:\program files\Avast Antivirus\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-01-07 13:56	3975168	----a-w-	c:\users\M&M&M\AppData\Roaming\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 439064]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-15 12656]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - e:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - e:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CDFBA31-E683-4CFE-A137-1793DC61945A}: NameServer = 141.78.7.250,141.78.7.200
FF - ProfilePath - c:\users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\M&M&M\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-LFSVCOMM&10C4&85A7 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\LFSVCOMM&10C4&85A7
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-12  14:54:12
ComboFix-quarantined-files.txt  2014-01-12 14:54
.
Vor Suchlauf: 12 Verzeichnis(se), 204.079.468.544 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 204.107.210.752 Bytes frei
.
- - End Of File - - BB163DD1B9FD140139B08D3D45DCA646
         
__________________

13.01.2014, 10:25   #4
schrauber
/// the machine
/// TB instructor
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.01.2014, 21:48   #5
lonelyplanet
 
Malwarebytes Anti-Malware
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
M&M&M :: ALIENWARE [Administrator]

13.01.2014 16:17:16
mbam-log-2014-01-13 (16-17-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222603
Laufzeit: 1 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
AdwCleaner

Code:
ATTFilter
# AdwCleaner v3.017 - Bericht erstellt am 13/01/2014 um 16:22:17
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : M&M&M - ALIENWARE
# Gestartet von : E:\Users\M&M&M\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Users\M&M&M\AppData\Local\Software_Updater
Ordner Gelöscht : C:\Users\M&M&M\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\M&M&M\AppData\Roaming\DSite
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1935 octets] - [13/01/2014 16:19:34]
AdwCleaner[R1].txt - [1995 octets] - [13/01/2014 16:21:20]
AdwCleaner[S0].txt - [1810 octets] - [13/01/2014 16:22:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1870 octets] ##########
         
I tried to run JRT, but there seems to be a problem here. For one thing, the following message appears while the program is running:

Code:
ATTFilter
Creating a registery backup 
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Checking Startup
Checking Modules
A bad module has been detected!
A reboot is required to remove modules.


reboot y/n
reboot...

Checking processes
Checking services
Checking files
Checking folders
Checking registery
Der befehl "M" ist entweder falsch geschrieben oder konnte nicht gefunden werden
Das System kann den angegebenen Pfad nicht finden
"&" kann syntaktisch an dieser Stelle nicht....  (I could not read the rest)
         
For another, no log file is created.

I ran the program three times, but each time with the same result.

Is there an alternative to JRT?

I have not run FRST yet, since JRT has not finished.

LP

--------

EDIT

I just had another quick look, and "SoftwareUpdater.Ui.exe" and its folder have been deleted.

Avast now only detects ComboFix as a potential threat!

EDIT 2

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by M&M&M (administrator) on ALIENWARE on 13-01-2014 20:44:35
Running from E:\Users\M&M&M\Downloads\Trojaner Board\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Avast Antivirus\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Barracuda Networks, Inc.) C:\Users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe
(Dropbox, Inc.) C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\Avast Antivirus\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems Inc.) E:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2012-02-21] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-19] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Avast Antivirus\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Programme\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Copy] - C:\Users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe [15501456 2014-01-06] (Barracuda Networks, Inc.)
Startup: C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA4722AAD7FEFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast Antivirus\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast Antivirus\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9CDFBA31-E683-4CFE-A137-1793DC61945A}: [NameServer]141.78.7.250,141.78.7.200

FireFox:
========
FF ProfilePath: C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - E:\Programme\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - E:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\M&M&M\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\Extensions\foxmarks@kei.com [2014-01-12]
FF Extension: ProxTube - Unblock YouTube - C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\Extensions\ich@maltegoetz.de [2013-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast Antivirus\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast Antivirus\WebRep\FF [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-13]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (iTunes Application Detector) - E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-07-02]
CHR Extension: (Google Drive) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-07-02]
CHR Extension: (YouTube) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-07-02]
CHR Extension: (Google Search) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-07-02]
CHR Extension: (APK Downloader) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\johbbanbdddngnjkcemcdnplpobhccdd\1.2.1_0 [2013-07-02]
CHR Extension: (Google Wallet) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26]
CHR Extension: (Citavi Picker) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.5.30_0 [2013-09-25]
CHR Extension: (Gmail) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast Antivirus\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-08-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast Antivirus\AvastSvc.exe [50344 2014-01-06] (AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [247328 2013-01-02] (CyberLink)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-27] (Creative Technology Ltd)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [50688 2009-11-15] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [948224 2009-11-15] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [690688 2009-11-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\Programme\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-01-11] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-06] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-17] (Glarysoft Ltd)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-27] (Creative Technology Ltd)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-18] (DT Soft Ltd)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 vdrive; system32\DRIVERS\vdrive.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 18:05 - 2014-01-13 18:05 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2014-01-13 18:04 - 2014-01-13 18:04 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\pdfforge
2014-01-13 18:04 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-01-13 18:04 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-01-13 18:04 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-01-13 18:04 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-01-13 18:04 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-01-13 18:04 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-01-13 16:28 - 2014-01-13 16:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-13 16:19 - 2014-01-13 16:22 - 00000000 ____D C:\AdwCleaner
2014-01-12 14:54 - 2014-01-12 14:54 - 00039701 _____ C:\ComboFix.txt
2014-01-12 14:48 - 2014-01-12 14:54 - 00000000 ____D C:\Qoobox
2014-01-12 14:48 - 2014-01-12 14:53 - 00000000 ____D C:\Windows\erdnt
2014-01-12 14:48 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 14:48 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 14:48 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-12 10:55 - 2014-01-12 11:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-12 10:54 - 2014-01-13 15:24 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 10:48 - 2014-01-13 18:45 - 00000000 ____D C:\FRST
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 09:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 08:19 - 2014-01-09 08:19 - 00285360 _____ C:\Windows\Minidump\010914-13072-01.dmp
2014-01-06 16:47 - 2014-01-06 16:48 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-28 08:59 - 2013-12-28 09:05 - 00000000 ____D C:\Program Files\ShrewSoft
2013-12-28 08:40 - 2013-12-28 08:40 - 00003244 _____ C:\Windows\System32\Tasks\{8C82C656-A00A-4386-8070-97B345C05E57}
2013-12-27 15:01 - 2014-01-13 19:00 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Copy
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2013-12-26 16:48 - 2013-12-26 16:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 16:47 - 2013-12-26 16:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 16:47 - 2013-12-26 16:47 - 00000000 ____D C:\ProgramData\Sun
2013-12-25 17:52 - 2014-01-07 12:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 17:53 - 2013-12-21 17:53 - 00000000 ____D C:\ProgramData\OO Software
2013-12-20 20:10 - 2014-01-13 17:42 - 00000314 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2013-12-20 20:10 - 2013-12-20 20:10 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-20 20:10 - 2013-12-17 05:35 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-20 20:10 - 2013-12-17 05:05 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-12-20 10:38 - 2013-12-20 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 09:12 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-15 09:12 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-15 09:12 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-15 09:12 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-15 09:11 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-15 09:11 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-15 09:11 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-15 09:11 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-15 09:11 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-15 09:11 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-15 09:11 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-15 09:11 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-15 09:11 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-15 09:11 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-15 09:11 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-15 09:11 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-15 09:11 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-15 09:11 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-15 09:11 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-15 09:11 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-15 09:11 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-15 09:11 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-15 09:11 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-15 09:11 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-15 09:11 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-15 09:11 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-15 09:11 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-15 09:11 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-15 09:11 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-15 09:11 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-15 09:11 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-15 09:11 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-15 09:11 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-15 09:11 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-15 09:11 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 20:15 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 20:15 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 20:15 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 20:15 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 20:15 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 20:15 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 20:15 - 2013-10-30 01:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 20:15 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 20:15 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 20:15 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 20:15 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 20:15 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 20:15 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 20:15 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 20:15 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 20:15 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 20:15 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 20:15 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 20:15 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 17:04 - 2013-12-14 17:04 - 00001541 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iTunes
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iPod
2013-12-14 16:27 - 2013-12-15 09:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-01-13 20:09 - 2013-07-01 18:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 19:47 - 2013-01-10 18:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-13 19:00 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Copy
2014-01-13 18:45 - 2014-01-12 10:48 - 00000000 ____D C:\FRST
2014-01-13 18:38 - 2013-01-09 18:35 - 01055003 _____ C:\Windows\WindowsUpdate.log
2014-01-13 18:05 - 2014-01-13 18:05 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2014-01-13 18:04 - 2014-01-13 18:04 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\pdfforge
2014-01-13 17:48 - 2013-01-10 03:29 - 00710752 _____ C:\Windows\system32\perfh007.dat
2014-01-13 17:48 - 2013-01-10 03:29 - 00155050 _____ C:\Windows\system32\perfc007.dat
2014-01-13 17:48 - 2009-07-14 05:13 - 01651686 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 17:48 - 2009-07-14 04:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 17:48 - 2009-07-14 04:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 17:46 - 2009-07-14 04:51 - 07488492 _____ C:\Windows\setupact.log
2014-01-13 17:42 - 2013-12-20 20:10 - 00000314 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-13 17:42 - 2013-01-29 19:18 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Dropbox
2014-01-13 17:41 - 2013-10-01 15:04 - 00078848 _____ C:\Windows\KMSEmulator.exe
2014-01-13 17:41 - 2013-07-01 18:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 17:41 - 2013-01-13 17:35 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2014-01-13 17:41 - 2013-01-13 17:35 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-13 17:41 - 2013-01-13 17:35 - 00000216 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-13 17:41 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 16:28 - 2014-01-13 16:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-13 16:22 - 2014-01-13 16:19 - 00000000 ____D C:\AdwCleaner
2014-01-13 15:24 - 2014-01-12 10:54 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 14:55 - 2010-11-21 03:47 - 00360080 _____ C:\Windows\PFRO.log
2014-01-12 14:54 - 2014-01-12 14:54 - 00039701 _____ C:\ComboFix.txt
2014-01-12 14:54 - 2014-01-12 14:48 - 00000000 ____D C:\Qoobox
2014-01-12 14:53 - 2014-01-12 14:48 - 00000000 ____D C:\Windows\erdnt
2014-01-12 14:53 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2014-01-12 11:25 - 2014-01-12 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-10 11:53 - 2013-09-25 13:02 - 00000000 ____D C:\Program Files\Avast Antivirus
2014-01-10 11:52 - 2013-09-25 13:02 - 00003914 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-09 08:19 - 2014-01-09 08:19 - 00285360 _____ C:\Windows\Minidump\010914-13072-01.dmp
2014-01-09 08:19 - 2013-01-10 18:11 - 686003420 _____ C:\Windows\MEMORY.DMP
2014-01-09 08:19 - 2013-01-10 18:11 - 00000000 ____D C:\Windows\Minidump
2014-01-09 08:12 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-07 12:01 - 2013-12-25 17:52 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Skype
2014-01-06 16:48 - 2014-01-06 16:47 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-06 16:47 - 2013-09-25 13:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-05 17:51 - 2013-02-24 07:51 - 00000000 ____D C:\Users\M&M&M\AppData\Local\Turbine
2014-01-05 15:30 - 2013-01-10 18:26 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Adobe
2013-12-28 09:05 - 2013-12-28 08:59 - 00000000 ____D C:\Program Files\ShrewSoft
2013-12-28 08:40 - 2013-12-28 08:40 - 00003244 _____ C:\Windows\System32\Tasks\{8C82C656-A00A-4386-8070-97B345C05E57}
2013-12-28 08:34 - 2013-01-09 18:35 - 00000000 ____D C:\Users\M&M&M
2013-12-27 16:01 - 2013-01-09 21:01 - 01625966 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2013-12-26 16:48 - 2013-12-26 16:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 16:47 - 2013-12-26 16:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 16:47 - 2013-12-26 16:47 - 00000000 ____D C:\ProgramData\Sun
2013-12-26 09:44 - 2009-07-14 05:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 17:53 - 2013-12-21 17:53 - 00000000 ____D C:\ProgramData\OO Software
2013-12-20 20:11 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-20 20:10 - 2013-12-20 20:10 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-20 20:10 - 2013-10-30 08:19 - 00000000 ____D C:\ProgramData\GlarySoft
2013-12-20 20:10 - 2013-07-15 11:06 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\GlarySoft
2013-12-20 20:05 - 2013-01-09 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 20:05 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-20 10:38 - 2013-12-20 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 13:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 20:21 - 2013-10-18 18:29 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\vlc
2013-12-18 17:42 - 2013-02-23 22:08 - 00000000 ____D C:\Users\M&M&M\AppData\Local\PMB Files
2013-12-18 14:02 - 2013-01-11 09:27 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
2013-12-18 14:02 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-18 13:54 - 2013-01-09 18:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-17 05:35 - 2013-12-20 20:10 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-17 05:05 - 2013-12-20 20:10 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-12-15 09:28 - 2009-07-14 04:45 - 05065224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 09:11 - 2013-01-13 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-15 09:10 - 2013-08-12 10:33 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 09:09 - 2013-01-09 21:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 09:06 - 2013-12-14 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-14 17:04 - 2013-12-14 17:04 - 00001541 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iTunes
2013-12-14 17:04 - 2013-12-14 17:04 - 00000000 ____D C:\Program Files\iPod
2013-12-14 16:54 - 2013-01-10 19:28 - 00000000 ____D C:\Users\M&M&M\AppData\Local\Adobe
2013-12-14 16:54 - 2013-01-10 18:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 16:54 - 2013-01-10 18:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 16:54 - 2013-01-10 18:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 16:04 - 2013-07-01 18:18 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 16:04 - 2013-07-01 18:18 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\M&M&M\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-12 12:53

==================== End Of Log ============================
         
--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 02
Ran by M&M&M at 2014-01-13 20:46:40
Running from E:\Users\M&M&M\Downloads\Trojaner Board\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

„Der Herr der Ringe Online™“ v03.08.00.8025 (x32 Version: 03.08.00.8025 - Turbine, Inc.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS6 (x32 Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player (x32 Version: 10.2.0.22 - Adobe Systems, Inc.)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
AlienAutopsy (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware Command Center (x32 Version: 2.8.8.0 - Alienware Corp.)
Alienware On-Screen Display (x32 Version: 0.32.0.2C - )
Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.5 (x32 Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Assassin's Creed(R) III v1.06 (x32 Version: 1.06 - Ubisoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.8.8 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 2(TM) (x32 Version:  - )
Battlefield 2: Special Forces (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Citavi (x32 Version: 3.4.0.2 - Swiss Academic Software)
Copy (Version: 1.41.248.0 - Barracuda Networks, Inc.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.6523 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.6523 - CyberLink Corp.) Hidden
DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
DVDFab 9.0.5.5 (26/07/2013) (x32 Version:  - Fengtao Software Inc.)
EA.com Matchup (x32 Version:  - )
EA.com Update (x32 Version:  - )
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2 - FileZilla Project)
Free FLV Converter V 7.6.0 (x32 Version: 7.6.0.0 - Koyote Soft)
Free YouTube Download Manager (x32 Version: 1.0.0.27 - Freetec)
Free YouTube Download Manager (x32 Version: 1.0.0.27 - Freetec) Hidden
Glary Utilities 4.2 (x32 Version: 4.2.0.74 - Glarysoft Ltd)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Integrated Webcam Live! Central (x32 Version: 2.01.18 - Creative Technology Ltd)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version:  - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LifeScan USB Device Driver vSL2.0 (Driver Removal) (x32 Version:  - LifeScan Inc)
LogoMaker 3.0 (x32 Version:  - Studio V5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed(TM) Hot Pursuit (x32 Version: 1.0.0.0 - Electronic Arts)
NirSoft BlueScreenView (x32 Version:  - )
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (x32 Version: 1.7.2 - pdfforge)
PL-2303 USB-to-Serial (x32 Version: 1.3.0 - Prolific Technology INC)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0 - Rosetta Stone Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shrew Soft VPN Client (Version:  - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster Recon3Di (x32 Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (x32 Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.12.0018 - ST Microelectronics)
Synaptics Pointing Device Driver (Version: 16.0.2.0 - Synaptics Incorporated)
TechSmith Screen Codec 2 (x32 Version: 1.0.4.0 - TechSmith Corporation) Hidden
Turbo Lister 2 (x32 Version: 2.00.0000 - eBay Inc.)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
Uplay (x32 Version: 2.0 - Ubisoft)
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 02:34 - 2014-01-12 14:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0607C223-AE54-4656-B165-D7384DD14D37} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {212306D5-D93E-4252-B723-AC0AC404517E} - \Software Updater Ui No Task File
Task: {3A820E0E-5533-4EFA-94B5-F2CD4864DF5D} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-13] ()
Task: {3D1C11BC-CF3A-47D9-9626-53A6FC10B44F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4688720B-1C95-4F32-A5DC-E302B6AEE480} - \Software Updater No Task File
Task: {487CDF91-71E9-4FA2-A4D1-43DA471E71F6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3223311984-1010959465-1201995320-1000
Task: {579868E9-8B5E-4395-8378-0687E4793B91} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast Antivirus\AvastEmUpdate.exe [2014-01-06] (AVAST Software)
Task: {705DA6C5-F55D-40FB-AF39-1B03F42ED331} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-13] ()
Task: {90F287D4-EBBF-472B-8FD8-75212AAC0C22} - System32\Tasks\GlaryInitialize 4 => E:\Programme\Glary Utilities 4\Initialize.exe [2013-12-17] (Glarysoft Ltd)
Task: {9D964588-6949-4BE3-B8FF-3EC97A144363} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {9DCCB594-1C1D-415A-8169-0D9051FF40B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {A5615082-3444-48A1-92E6-646E6D26A57F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {D1E4C2D9-6498-4A4C-9CCA-83D1BD1FB1DA} - \DSite No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => E:\Programme\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-15 18:24 - 2009-11-15 18:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2009-11-15 18:23 - 2009-11-15 18:23 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2009-11-15 18:23 - 2009-11-15 18:23 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2009-11-15 18:24 - 2009-11-15 18:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2009-11-15 18:24 - 2009-11-15 18:24 - 00034816 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2009-11-15 18:25 - 2009-11-15 18:25 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2009-11-15 18:24 - 2009-11-15 18:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2009-11-15 18:24 - 2009-11-15 18:24 - 00034304 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2009-11-15 18:24 - 2009-11-15 18:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-01-09 18:53 - 2012-02-14 08:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-23 13:48 - 2014-01-06 20:46 - 02158080 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\Gui.dll
2013-12-23 14:04 - 2014-01-06 20:46 - 08168448 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\Brt.dll
2013-12-23 13:50 - 2014-01-06 20:46 - 09062912 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\AgentSync.dll
2013-12-23 13:48 - 2014-01-06 20:46 - 05379072 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\CloudSync.dll
2013-12-27 15:01 - 2014-01-07 13:56 - 08168448 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\overlay\Brt.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () E:\Programme\FileZilla FTP Client\fzshellext_64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-13 15:20 - 2014-01-13 09:57 - 02153984 _____ () C:\Program Files\Avast Antivirus\defs\14011300\algo.dll
2012-11-28 13:13 - 2012-11-28 13:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 13:13 - 2012-11-28 13:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\libcef.dll
2009-12-18 10:07 - 2009-12-18 10:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2011-12-22 16:31 - 2011-12-22 16:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2013-10-23 09:18 - 2013-10-23 09:18 - 19336120 _____ () C:\Program Files\Avast Antivirus\libcef.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2013-01-09 20:54 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-09 18:50 - 2012-02-01 13:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-14 16:27 - 2013-12-14 16:27 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-14 16:27 - 2013-12-14 16:27 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-14 16:27 - 2013-12-14 16:27 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-20 10:38 - 2013-12-20 10:38 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-26 15:22 - 2013-05-23 05:17 - 00428032 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2013-12-14 16:47 - 2013-12-14 16:54 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2014 06:38:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1115985

Error: (01/13/2014 06:38:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1115985

Error: (01/13/2014 06:38:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2014 06:19:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (01/13/2014 06:19:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (01/13/2014 06:19:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2014 06:19:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (01/13/2014 06:19:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (01/13/2014 06:19:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2014 06:05:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PDFCreator-1_7_2_setup.tmp, Version: 51.52.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x1254
Startzeit der fehlerhaften Anwendung: 0xPDFCreator-1_7_2_setup.tmp0
Pfad der fehlerhaften Anwendung: PDFCreator-1_7_2_setup.tmp1
Pfad des fehlerhaften Moduls: PDFCreator-1_7_2_setup.tmp2
Berichtskennung: PDFCreator-1_7_2_setup.tmp3


System errors:
=============
Error: (01/13/2014 05:42:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2014 05:34:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2014 05:04:14 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/13/2014 04:59:22 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/12/2014 02:53:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/12/2014 02:52:45 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/12/2014 02:50:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/12/2014 10:44:48 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/11/2014 10:09:17 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/11/2014 07:59:47 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


Microsoft Office Sessions:
=========================
Error: (01/13/2014 06:38:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1115985

Error: (01/13/2014 06:38:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1115985

Error: (01/13/2014 06:38:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2014 06:19:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (01/13/2014 06:19:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (01/13/2014 06:19:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2014 06:19:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (01/13/2014 06:19:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (01/13/2014 06:19:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2014 06:05:17 PM) (Source: Application Error)(User: )
Description: PDFCreator-1_7_2_setup.tmp51.52.0.02a425e19ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753125401cf108995b333beC:\Users\M&M&M\AppData\Local\Temp\is-95KNA.tmp\PDFCreator-1_7_2_setup.tmpC:\Windows\SysWOW64\ntdll.dll4170c57b-7c7d-11e3-8745-6036dd76d774


CodeIntegrity Errors:
===================================
  Date: 2014-01-12 14:52:45.176
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 14:52:45.134
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 16:08:06.589
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Programme\Glary Utilities 3\ProcObsrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 16:08:06.531
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Programme\Glary Utilities 3\ProcObsrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 6026.36 MB
Available physical RAM: 2804.9 MB
Total Pagefile: 12050.89 MB
Available Pagefile: 8744.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:190.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HDD) (Fixed) (Total:456.98 GB) (Free:221.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 680FA396)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 802D14F7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Alt 14.01.2014, 14:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
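The check below is an added example, not part of the original post or of ESET's tooling: it reads the log.txt produced by the ESET steps above and verifies that the scan finished and ran with detection of potentially unwanted applications enabled, because a `found=0` from a run without that option says nothing about unwanted applications. The sample log is constructed in the `# key=value` layout of the log posted in this thread; treating a repeated `version` key as the start of a new run is an assumption.

```python
"""Check an ESET Online Scanner log.txt against the options the procedure asks for."""

# Constructed sample (values made up). Two runs are concatenated; the first
# one has no "end" key, as if it had been interrupted.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# unwanted_checked=true
# scanned=1200
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-01 10:00:00
# scanned=400000
# found=0
# cleaned=0
# scan_time=7000
"""

# Options the procedure asks for, as they show up in the log.
EXPECTED = {
    "end": "finished",           # scan ran to completion
    "unwanted_checked": "true",  # potentially unwanted applications enabled
}
COUNTERS = ("scanned", "found", "cleaned")


def parse_runs(text):
    """Return one dict per scan run; only '# key=value' lines are read."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#"):
            continue  # downloader banner, blank lines, anything else
        key, sep, value = line[1:].partition("=")
        key = key.strip()
        if not sep or not key:
            continue
        # Assumption: a repeated 'version' key marks the start of a new run.
        if current is None or key == "version":
            current = {}
            runs.append(current)
        current[key] = value.strip()
    return runs


def review_run(run):
    """Return (key, message) pairs for everything that weakens the result."""
    problems = []
    for key, wanted in EXPECTED.items():
        actual = run.get(key)
        if actual != wanted:
            problems.append((key, f"expected {wanted!r}, log has {actual!r}"))
    for key in COUNTERS:
        value = run.get(key, "")
        if not value.isdigit():
            problems.append((key, f"counter missing or not a number: {value!r}"))
    counters_ok = not any(k in ("found", "cleaned") for k, _ in problems)
    if counters_ok and int(run["found"]) > int(run["cleaned"]):
        problems.append(("cleaned", "found exceeds cleaned: detections remain on disk"))
    return problems


def summarize(text):
    """Judge the most recent run in the log."""
    runs = parse_runs(text)
    if not runs:
        return {"runs": 0, "found": None, "clean_and_complete": False,
                "problems": [("log", "no scan data in file")]}
    last = runs[-1]
    problems = review_run(last)
    return {
        "runs": len(runs),
        "found": last.get("found"),
        # Only a complete run with the requested options supports "nothing found".
        "clean_and_complete": not problems and last.get("found") == "0",
        "problems": problems,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"runs in log: {result['runs']}, found in last run: {result['found']}")
    for key, message in result["problems"]:
        print(f"  {key}: {message}")
    print("result usable as a clean bill:", result["clean_and_complete"])
```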

Alt 14.01.2014, 20:26   #7
lonelyplanet
 


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c60b13c36293884e9ae6a4c19ba8376d
# engine=16649
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-14 06:45:57
# local_time=2014-01-14 06:45:57 (+0000, Westeuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 44615 142190207 0 0
# scanned=455434
# found=0
# cleaned=0
# scan_time=7465
         
checkup.txt is empty, after the program already says at startup that

"Das System kann den angegebenen Pfad nicht finden.
Der Befehl M ist entweder falsch geschrieben oder konnte nicht gefunden werden.
Der Befehlt "M\AppData\Local\Temp\RarSFX1\SecurityCheck\" ist entweder falsch geschrieben oder konnte nicht gefunden werden."

Then I follow the prompt "beliebige Taste drücken" (press any key), and then a series of files is listed that cannot be found, and finally the empty checkup.txt file follows...


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by M&M&M (administrator) on ALIENWARE on 14-01-2014 19:24:03
Running from E:\Users\M&M&M\Downloads\Trojaner Board\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Avast Antivirus\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Microsoft Corporation) C:\Users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Barracuda Networks, Inc.) C:\Users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe
(Dropbox, Inc.) C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\Avast Antivirus\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) E:\Programme\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2012-02-21] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1636208 2011-12-01] ()
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-19] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Avast Antivirus\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SkyDrive] - C:\Users\M&M&M\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Programme\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Copy] - C:\Users\M&M&M\AppData\Roaming\Copy\CopyAgent.exe [15501456 2014-01-06] (Barracuda Networks, Inc.)
Startup: C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA4722AAD7FEFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast Antivirus\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast Antivirus\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Avast Antivirus\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9CDFBA31-E683-4CFE-A137-1793DC61945A}: [NameServer]141.78.7.250,141.78.7.200

FireFox:
========
FF ProfilePath: C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - E:\Programme\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - E:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\M&M&M\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\Extensions\foxmarks@kei.com [2014-01-12]
FF Extension: ProxTube - Unblock YouTube - C:\Users\M&M&M\AppData\Roaming\Mozilla\Firefox\Profiles\jetjjre1.default\Extensions\ich@maltegoetz.de [2013-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast Antivirus\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast Antivirus\WebRep\FF [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-13]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (iTunes Application Detector) - E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-07-02]
CHR Extension: (Google Drive) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-07-02]
CHR Extension: (YouTube) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-07-02]
CHR Extension: (Google Search) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-07-02]
CHR Extension: (APK Downloader) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\johbbanbdddngnjkcemcdnplpobhccdd\1.2.1_0 [2013-07-02]
CHR Extension: (Google Wallet) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-26]
CHR Extension: (Citavi Picker) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.5.30_0 [2013-09-25]
CHR Extension: (Gmail) - C:\Users\M&M&M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast Antivirus\WebRep\Chrome\aswWebRepChrome.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2013-08-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast Antivirus\AvastSvc.exe [50344 2014-01-06] (AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [247328 2013-01-02] (CyberLink)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-27] (Creative Technology Ltd)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [50688 2009-11-15] ()
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [948224 2009-11-15] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [690688 2009-11-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\Programme\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-08] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-01-11] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-06] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-06] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-17] (Glarysoft Ltd)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-27] (Creative Technology Ltd)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-18] (DT Soft Ltd)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 vdrive; system32\DRIVERS\vdrive.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 18:05 - 2014-01-13 18:05 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2014-01-13 18:04 - 2014-01-13 18:04 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\pdfforge
2014-01-13 18:04 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-01-13 18:04 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-01-13 18:04 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-01-13 18:04 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-01-13 18:04 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-01-13 18:04 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-01-13 16:28 - 2014-01-13 16:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-13 16:19 - 2014-01-13 16:22 - 00000000 ____D C:\AdwCleaner
2014-01-12 14:54 - 2014-01-12 14:54 - 00039701 _____ C:\ComboFix.txt
2014-01-12 14:48 - 2014-01-12 14:54 - 00000000 ____D C:\Qoobox
2014-01-12 14:48 - 2014-01-12 14:53 - 00000000 ____D C:\Windows\erdnt
2014-01-12 14:48 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 14:48 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 14:48 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 14:48 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-12 10:55 - 2014-01-12 11:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-12 10:54 - 2014-01-13 15:24 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 10:48 - 2014-01-13 18:45 - 00000000 ____D C:\FRST
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-12 09:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-09 08:19 - 2014-01-09 08:19 - 00285360 _____ C:\Windows\Minidump\010914-13072-01.dmp
2014-01-06 16:47 - 2014-01-06 16:48 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-28 08:59 - 2013-12-28 09:05 - 00000000 ____D C:\Program Files\ShrewSoft
2013-12-28 08:40 - 2013-12-28 08:40 - 00003244 _____ C:\Windows\System32\Tasks\{8C82C656-A00A-4386-8070-97B345C05E57}
2013-12-27 15:01 - 2014-01-14 07:18 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Copy
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2013-12-26 16:48 - 2013-12-26 16:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 16:47 - 2013-12-26 16:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 16:47 - 2013-12-26 16:47 - 00000000 ____D C:\ProgramData\Sun
2013-12-25 17:52 - 2014-01-07 12:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 17:53 - 2013-12-21 17:53 - 00000000 ____D C:\ProgramData\OO Software
2013-12-20 20:10 - 2014-01-14 07:19 - 00000314 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2013-12-20 20:10 - 2013-12-20 20:10 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-20 20:10 - 2013-12-17 05:35 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-20 20:10 - 2013-12-17 05:05 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-12-20 10:38 - 2013-12-20 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 09:12 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-15 09:12 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-15 09:12 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-15 09:12 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-15 09:11 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-15 09:11 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-15 09:11 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-15 09:11 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-15 09:11 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-15 09:11 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-15 09:11 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-15 09:11 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-15 09:11 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-15 09:11 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-15 09:11 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-15 09:11 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-15 09:11 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-15 09:11 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-15 09:11 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-15 09:11 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-15 09:11 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-15 09:11 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-15 09:11 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-15 09:11 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-15 09:11 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-15 09:11 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-15 09:11 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-15 09:11 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-15 09:11 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-15 09:11 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-15 09:11 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-15 09:11 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-15 09:11 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-15 09:11 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-15 09:11 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-01-14 19:09 - 2013-07-01 18:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 19:04 - 2013-01-09 18:35 - 01107501 _____ C:\Windows\WindowsUpdate.log
2014-01-14 18:47 - 2013-01-10 18:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 16:09 - 2013-07-01 18:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 09:40 - 2013-02-24 11:32 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\FileZilla
2014-01-14 07:25 - 2009-07-14 04:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 07:25 - 2009-07-14 04:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 07:24 - 2013-01-10 03:29 - 00710752 _____ C:\Windows\system32\perfh007.dat
2014-01-14 07:24 - 2013-01-10 03:29 - 00155050 _____ C:\Windows\system32\perfc007.dat
2014-01-14 07:24 - 2009-07-14 05:13 - 01651686 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 07:23 - 2009-07-14 04:51 - 07488884 _____ C:\Windows\setupact.log
2014-01-14 07:19 - 2013-12-20 20:10 - 00000314 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-14 07:19 - 2013-01-29 19:18 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Dropbox
2014-01-14 07:18 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Copy
2014-01-14 07:18 - 2013-10-01 15:04 - 00078848 _____ C:\Windows\KMSEmulator.exe
2014-01-14 07:18 - 2013-01-13 17:35 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2014-01-14 07:18 - 2013-01-13 17:35 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-14 07:18 - 2013-01-13 17:35 - 00000216 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-14 07:18 - 2010-11-21 03:47 - 00362448 _____ C:\Windows\PFRO.log
2014-01-14 07:18 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 18:45 - 2014-01-12 10:48 - 00000000 ____D C:\FRST
2014-01-13 18:05 - 2014-01-13 18:05 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2014-01-13 18:04 - 2014-01-13 18:04 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\pdfforge
2014-01-13 16:28 - 2014-01-13 16:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-13 16:22 - 2014-01-13 16:19 - 00000000 ____D C:\AdwCleaner
2014-01-13 15:24 - 2014-01-12 10:54 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 14:54 - 2014-01-12 14:54 - 00039701 _____ C:\ComboFix.txt
2014-01-12 14:54 - 2014-01-12 14:48 - 00000000 ____D C:\Qoobox
2014-01-12 14:53 - 2014-01-12 14:48 - 00000000 ____D C:\Windows\erdnt
2014-01-12 14:53 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2014-01-12 11:25 - 2014-01-12 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Malwarebytes
2014-01-12 09:55 - 2014-01-12 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-10 11:53 - 2013-09-25 13:02 - 00000000 ____D C:\Program Files\Avast Antivirus
2014-01-10 11:52 - 2013-09-25 13:02 - 00003914 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-09 08:19 - 2014-01-09 08:19 - 00285360 _____ C:\Windows\Minidump\010914-13072-01.dmp
2014-01-09 08:19 - 2013-01-10 18:11 - 686003420 _____ C:\Windows\MEMORY.DMP
2014-01-09 08:19 - 2013-01-10 18:11 - 00000000 ____D C:\Windows\Minidump
2014-01-09 08:12 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-07 12:01 - 2013-12-25 17:52 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Skype
2014-01-06 16:48 - 2014-01-06 16:47 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-06 16:47 - 2013-09-25 13:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-06 16:47 - 2013-09-25 13:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-05 17:51 - 2013-02-24 07:51 - 00000000 ____D C:\Users\M&M&M\AppData\Local\Turbine
2014-01-05 15:30 - 2013-01-10 18:26 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Adobe
2013-12-28 09:05 - 2013-12-28 08:59 - 00000000 ____D C:\Program Files\ShrewSoft
2013-12-28 08:40 - 2013-12-28 08:40 - 00003244 _____ C:\Windows\System32\Tasks\{8C82C656-A00A-4386-8070-97B345C05E57}
2013-12-28 08:34 - 2013-01-09 18:35 - 00000000 ____D C:\Users\M&M&M
2013-12-27 16:01 - 2013-01-09 21:01 - 01625966 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-27 15:01 - 2013-12-27 15:01 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy
2013-12-26 16:48 - 2013-12-26 16:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-26 16:47 - 2013-12-26 16:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-26 16:47 - 2013-12-26 16:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-26 16:47 - 2013-12-26 16:47 - 00000000 ____D C:\ProgramData\Sun
2013-12-26 09:44 - 2009-07-14 05:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 17:52 - 2013-12-25 17:52 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 17:53 - 2013-12-21 17:53 - 00000000 ____D C:\ProgramData\OO Software
2013-12-20 20:11 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-20 20:10 - 2013-12-20 20:10 - 00002644 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2013-12-20 20:10 - 2013-10-30 08:19 - 00000000 ____D C:\ProgramData\GlarySoft
2013-12-20 20:10 - 2013-07-15 11:06 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\GlarySoft
2013-12-20 20:05 - 2013-01-09 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 20:05 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-20 10:38 - 2013-12-20 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 13:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 20:21 - 2013-10-18 18:29 - 00000000 ____D C:\Users\M&M&M\AppData\Roaming\vlc
2013-12-18 17:42 - 2013-02-23 22:08 - 00000000 ____D C:\Users\M&M&M\AppData\Local\PMB Files
2013-12-18 14:02 - 2013-01-11 09:27 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media
2013-12-18 14:02 - 2013-01-09 18:35 - 00000000 ___RD C:\Users\M&M&M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-18 13:54 - 2013-01-09 18:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-17 05:35 - 2013-12-20 20:10 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-17 05:05 - 2013-12-20 20:10 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-12-15 09:28 - 2009-07-14 04:45 - 05065224 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 09:11 - 2013-01-13 17:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-15 09:10 - 2013-08-12 10:33 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 09:09 - 2013-01-09 21:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 09:06 - 2013-12-14 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

Some content of TEMP:
====================
C:\Users\M&M&M\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-12 12:53

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 02
Ran by M&M&M at 2014-01-14 19:24:20
Running from E:\Users\M&M&M\Downloads\Trojaner Board\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

„Der Herr der Ringe Online™“ v03.08.00.8025 (x32 Version: 03.08.00.8025 - Turbine, Inc.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS6 (x32 Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player (x32 Version: 10.2.0.22 - Adobe Systems, Inc.)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
AlienAutopsy (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Alienware Command Center (x32 Version: 2.8.8.0 - Alienware Corp.)
Alienware On-Screen Display (x32 Version: 0.32.0.2C - )
Alienware On-Screen Display (x32 Version: 0.32.0.2C - ) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.5 (x32 Version: 11.0.5 - Ashampoo GmbH & Co. KG)
Assassin's Creed(R) III v1.06 (x32 Version: 1.06 - Ubisoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.8.8 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 2(TM) (x32 Version:  - )
Battlefield 2: Special Forces (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Citavi (x32 Version: 3.4.0.2 - Swiss Academic Software)
Copy (Version: 1.41.248.0 - Barracuda Networks, Inc.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.6523 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.6523 - CyberLink Corp.) Hidden
DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
DVDFab 9.0.5.5 (26/07/2013) (x32 Version:  - Fengtao Software Inc.)
EA.com Matchup (x32 Version:  - )
EA.com Update (x32 Version:  - )
EMSC (x32 Version: 0.0.0.22C - Compal Electronics, Inc.) Hidden
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2 - FileZilla Project)
Free FLV Converter V 7.6.0 (x32 Version: 7.6.0.0 - Koyote Soft)
Free YouTube Download Manager (x32 Version: 1.0.0.27 - Freetec)
Free YouTube Download Manager (x32 Version: 1.0.0.27 - Freetec) Hidden
Glary Utilities 4.2 (x32 Version: 4.2.0.74 - Glarysoft Ltd)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Integrated Webcam Live! Central (x32 Version: 2.01.18 - Creative Technology Ltd)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version:  - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.0.0140 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LifeScan USB Device Driver vSL2.0 (Driver Removal) (x32 Version:  - LifeScan Inc)
LogoMaker 3.0 (x32 Version:  - Studio V5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed(TM) Hot Pursuit (x32 Version: 1.0.0.0 - Electronic Arts)
NirSoft BlueScreenView (x32 Version:  - )
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (x32 Version: 1.7.2 - pdfforge)
PL-2303 USB-to-Serial (x32 Version: 1.3.0 - Prolific Technology INC)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0 - Rosetta Stone Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shrew Soft VPN Client (Version:  - )
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster Recon3Di (x32 Version: 1.00.08 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (x32 Version: 1.0 - Creative Technology Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.12.0018 - ST Microelectronics)
Synaptics Pointing Device Driver (Version: 16.0.2.0 - Synaptics Incorporated)
TechSmith Screen Codec 2 (x32 Version: 1.0.4.0 - TechSmith Corporation) Hidden
Turbo Lister 2 (x32 Version: 2.00.0000 - eBay Inc.)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
Uplay (x32 Version: 2.0 - Ubisoft)
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 02:34 - 2014-01-12 14:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0607C223-AE54-4656-B165-D7384DD14D37} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {212306D5-D93E-4252-B723-AC0AC404517E} - \Software Updater Ui No Task File
Task: {3A820E0E-5533-4EFA-94B5-F2CD4864DF5D} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-13] ()
Task: {3D1C11BC-CF3A-47D9-9626-53A6FC10B44F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4688720B-1C95-4F32-A5DC-E302B6AEE480} - \Software Updater No Task File
Task: {487CDF91-71E9-4FA2-A4D1-43DA471E71F6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3223311984-1010959465-1201995320-1000
Task: {579868E9-8B5E-4395-8378-0687E4793B91} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast Antivirus\AvastEmUpdate.exe [2014-01-06] (AVAST Software)
Task: {705DA6C5-F55D-40FB-AF39-1B03F42ED331} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-13] ()
Task: {90F287D4-EBBF-472B-8FD8-75212AAC0C22} - System32\Tasks\GlaryInitialize 4 => E:\Programme\Glary Utilities 4\Initialize.exe [2013-12-17] (Glarysoft Ltd)
Task: {9D964588-6949-4BE3-B8FF-3EC97A144363} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {9DCCB594-1C1D-415A-8169-0D9051FF40B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {A5615082-3444-48A1-92E6-646E6D26A57F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {D1E4C2D9-6498-4A4C-9CCA-83D1BD1FB1DA} - \DSite No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => E:\Programme\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-09 18:53 - 2012-02-14 08:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-23 13:48 - 2014-01-06 20:46 - 02158080 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\Gui.dll
2013-12-23 14:04 - 2014-01-06 20:46 - 08168448 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\Brt.dll
2013-12-23 13:50 - 2014-01-06 20:46 - 09062912 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\AgentSync.dll
2013-12-23 13:48 - 2014-01-06 20:46 - 05379072 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\CloudSync.dll
2013-12-27 15:01 - 2014-01-07 13:56 - 08168448 _____ () C:\Users\M&M&M\AppData\Roaming\Copy\overlay\Brt.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () E:\Programme\FileZilla FTP Client\fzshellext_64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-01-13 15:20 - 2014-01-13 09:57 - 02153984 _____ () C:\Program Files\Avast Antivirus\defs\14011300\algo.dll
2014-01-14 07:19 - 2014-01-13 22:44 - 02153984 _____ () C:\Program Files\Avast Antivirus\defs\14011301\algo.dll
2012-11-28 13:13 - 2012-11-28 13:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 13:13 - 2012-11-28 13:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\M&M&M\AppData\Roaming\Dropbox\bin\libcef.dll
2009-12-18 10:07 - 2009-12-18 10:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
2011-12-22 16:31 - 2011-12-22 16:31 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll
2013-10-23 09:18 - 2013-10-23 09:18 - 19336120 _____ () C:\Program Files\Avast Antivirus\libcef.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2013-01-09 20:54 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-09 18:50 - 2012-02-01 13:44 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-20 10:38 - 2013-12-20 10:38 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-26 15:22 - 2013-05-23 05:17 - 00428032 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-14 16:27 - 2013-12-14 16:27 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-14 16:27 - 2013-12-14 16:27 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-14 16:27 - 2013-12-14 16:27 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-14 16:47 - 2013-12-14 16:54 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2014 07:16:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/14/2014 07:14:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/14/2014 06:16:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1860546

Error: (01/14/2014 06:16:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1860546

Error: (01/14/2014 06:16:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2014 05:45:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (01/14/2014 05:45:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (01/14/2014 05:45:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2014 05:45:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (01/14/2014 05:45:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999


System errors:
=============
Error: (01/13/2014 05:42:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2014 05:34:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2014 05:04:14 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/13/2014 04:59:22 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/12/2014 02:53:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/12/2014 02:52:45 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/12/2014 02:50:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/12/2014 10:44:48 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/11/2014 10:09:17 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/11/2014 07:59:47 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


Microsoft Office Sessions:
=========================
Error: (01/14/2014 07:16:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\$RECYCLE.BIN\S-1-5-21-3223311984-1010959465-1201995320-1000\$RFIATFS.exe

Error: (01/14/2014 07:14:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/14/2014 06:16:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1860546

Error: (01/14/2014 06:16:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1860546

Error: (01/14/2014 06:16:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2014 05:45:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (01/14/2014 05:45:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (01/14/2014 05:45:51 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2014 05:45:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (01/14/2014 05:45:50 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999


CodeIntegrity Errors:
===================================
  Date: 2014-01-12 14:52:45.176
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-12 14:52:45.134
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 16:08:06.589
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Programme\Glary Utilities 3\ProcObsrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-12-18 16:08:06.531
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Programme\Glary Utilities 3\ProcObsrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 6026.36 MB
Available physical RAM: 2799.42 MB
Total Pagefile: 12050.89 MB
Available Pagefile: 8885.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:190.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (HDD) (Fixed) (Total:456.98 GB) (Free:222.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 680FA396)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 802D14F7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

15.01.2014, 12:41   #8
schrauber
/// the machine
/// TB-Ausbilder

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without hesitation.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

15.01.2014, 13:53   #9
lonelyplanet

All done.

Thanks for the help

16.01.2014, 08:56   #10
schrauber
/// the machine
/// TB-Ausbilder

You're welcome

17.01.2014, 17:21   #11
lonelyplanet

Since I ran the cleanup programs listed below, the following "problem" has come up for me.

Every time I restart the PC, it loads all the way to the desktop, but shortly afterwards all the icons and the taskbar disappear, the logoff sound plays, and I only see the logon/logoff background. About 10 seconds later everything reappears (including the logon sound; the PC is not shut down, however)

Could someone perhaps help me get my system back in order?

Thanks
LP

18.01.2014, 08:06   #12
schrauber
/// the machine
/// TB-Ausbilder

Since which program has this been happening? And you are only noticing it now?

18.01.2014, 11:18   #13
lonelyplanet

Since I ran Combofix. I thought it would go back to normal after I had cleaned up the PC.
LP

19.01.2014, 09:26   #14
schrauber
/// the machine
/// TB-Ausbilder

Why don't you tell me that right away?

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When the process has finished, click Step 3 and press Do It under System File Check.
  • After the process has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure that the boxes are ticked as shown below. Please also tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.


20.01.2014, 20:17   #15
lonelyplanet

Hello,

I was just about to run Windows Repair - Step 2 (Check Disk), but the PC does not restart automatically and carry out the action!

I'll see whether Check Disk perhaps runs on a manual restart.

LP

Edit 1
Check Disk worked manually.

But when I try to run Step 3, it opens cmd for a second and says: "Das System kann den angegebenen Pfad nicht finden. Der Befehl M ist entweder falsch geschrieben oder konnte nicht gefunden werden." (or something like that).

The problem seems to be the same as with the previous programs!

Should I now go to Start Repair and skip Step 3?
