Log Analysis and Evaluation: Avast finds several viruses Win:32NextLife-B and other Win:32... Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.02.2014, 14:09 | #1
Avast finds several viruses Win:32NextLife-B and other Win:32...

Hello good helpers of Trojanerboard, my PC runs the Vista operating system and my Avast is finding several viruses after I was stupid enough to download so-called "Free!" games. The infected files are in the quarantine container after a repair attempt. The home page setting had been changed to "awesomehelp". I have fixed that again. Since the infection, the Windows message from the Task Scheduler module also appears at every start (see screenshot). How do I get the PC clean again? I am posting the screenshots I took as well as the Defogger and FRST log files. Gmer fails to complete twice with an error message. Once GMER ran through completely, but afterwards I could not click "save" and the PC had frozen.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:03 on 23/02/2014 (M1)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014
Ran by M1 (administrator) on M1-PC on 23-02-2014 17:05:20
Running from C:\Users\M1\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Office-Web\Office-Web Center\Panel.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(IDT, Inc.)
C:\Program Files\IDT\WDM\sttray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Skillbrains) C:\Users\M1\AppData\Local\Skillbrains\lightshot\5.0.0.2\LightShot.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.) HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-05-14] (CyberLink Corp.) 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Laser mouse] - C:\Program Files\Office-Web\Office-Web Center\Panel.exe [233472 2005-04-25] () HKLM\...\Run: [NWEReboot] - [X] HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [] - [X] HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-08] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [LightShot] - C:\Users\M1\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-02-03] () Startup: C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms} SearchScopes: HKLM - {2F0B06E6-3E27-4B88-9418-02E9F6330781} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms} SearchScopes: HKLM - {5FF7B5FF-CCE7-429D-B22A-B8B5CE1501E2} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms} SearchScopes: HKCU - {2F0B06E6-3E27-4B88-9418-02E9F6330781} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field SearchScopes: HKCU - 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms} SearchScopes: HKCU - {5FF7B5FF-CCE7-429D-B22A-B8B5CE1501E2} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll No File BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default FF user.js: detected! 
=> C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\user.js FF DefaultSearchEngine: awesomehp FF SelectedSearchEngine: awesomehp FF Homepage: hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom) FF SearchPlugin: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Quick Start - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\quick_start@gmail.com [2014-02-23] FF Extension: Microsoft .NET Framework Assistant - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-12-21] FF Extension: Yahoo! 
Toolbar - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-04-13] FF Extension: Adblock Plus Pop-up Addon - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-27] FF Extension: ep - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-23] FF Extension: NoScript - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27] FF Extension: CoolPreviews - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-04-07] FF Extension: Adblock Plus - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: HP Smart Print - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-09-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-08] FF HKLM\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi ========================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-08] (AVAST Software) S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.) 
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-08] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-08] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-08] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-08] () S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14208 2008-01-21] (Microsoft Corporation) R3 HidMouse; C:\Windows\System32\Drivers\HidMouse.sys [25216 2005-08-18] (Hama) R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2008-01-21] (Microsoft Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) U1 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-23 17:05 - 2014-02-23 17:05 - 00021236 ____C () C:\Users\M1\Desktop\FRST.txt 2014-02-23 17:05 - 2014-02-23 17:05 - 00000000 ___DC () C:\FRST 2014-02-23 17:03 - 2014-02-23 17:03 - 00000466 ____C () C:\Users\M1\Desktop\defogger_disable.log 2014-02-23 17:03 - 2014-02-23 17:03 - 00000000 ____C () C:\Users\M1\defogger_reenable 2014-02-23 16:38 
- 2014-02-23 16:38 - 00380416 ____C () C:\Users\M1\Desktop\Gmer-19357.exe 2014-02-23 16:36 - 2014-02-23 16:36 - 01143808 ____C (Farbar) C:\Users\M1\Desktop\FRST.exe 2014-02-23 16:36 - 2014-02-23 16:36 - 00050477 ____C () C:\Users\M1\Desktop\Defogger.exe 2014-02-22 17:25 - 2014-02-23 16:55 - 00000000 ___DC () C:\Users\M1\Documents\Lightshot 2014-02-22 17:25 - 2014-02-23 01:24 - 00000370 ____C () C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job 2014-02-22 17:25 - 2014-02-23 00:19 - 00000370 ____C () C:\Windows\Tasks\update-sys.job 2014-02-22 17:25 - 2014-02-22 17:25 - 00000434 ____C () C:\Users\M1\AppData\Local\UserProducts.xml 2014-02-22 17:25 - 2014-02-22 17:25 - 00000003 ____C () C:\Users\M1\AppData\Local\updater.log 2014-02-22 17:25 - 2014-02-22 17:25 - 00000000 ___DC () C:\Program Files\Skillbrains 2014-02-22 17:24 - 2014-02-22 17:24 - 02150736 ____C (Skillbrains ) C:\Users\M1\Downloads\setup-lightshot.exe 2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot 2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Skillbrains 2014-02-18 15:19 - 2014-02-23 16:39 - 00000286 ____C () C:\Windows\Tasks\bench-Updater removing.job 2014-02-16 18:22 - 2014-02-16 18:22 - 00000000 ___DC () C:\Users\M1\AppData\Local\RegistryDR 2014-02-16 18:21 - 2014-02-22 16:41 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\newnext.me 2014-02-16 18:21 - 2014-02-22 16:41 - 00000000 ___DC () C:\Users\M1\AppData\Local\genienext 2014-02-16 18:21 - 2014-02-16 18:29 - 00000000 ___DC () C:\Users\M1\AppData\Local\Mobogenie 2014-02-16 18:21 - 2014-02-16 18:25 - 00000000 ___DC () C:\Users\M1\AppData\Local\cache 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\Documents\Mobogenie 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\.android 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ____C () C:\Users\M1\daemonprocess.txt 2014-02-16 
18:20 - 2014-02-16 18:30 - 00000000 _SHDC () C:\Windows\system32\AI_RecycleBin 2014-02-16 18:20 - 2014-02-16 18:30 - 00000000 ___DC () C:\Program Files\Registry Dr 2014-02-16 18:20 - 2014-02-16 18:25 - 00000000 ___DC () C:\Users\M1\Documents\RegistryDr 2014-02-16 18:19 - 2014-02-22 15:35 - 00000326 ____C () C:\Windows\Tasks\bench-sys.job 2014-02-16 18:19 - 2014-02-16 18:39 - 00000000 ___DC () C:\Program Files\Bench 2014-02-16 18:19 - 2014-02-16 18:28 - 00000000 ___DC () C:\ProgramData\IePluginService 2014-02-16 18:19 - 2014-02-16 18:26 - 00000000 ___DC () C:\Program Files\SupTab 2014-02-16 18:19 - 2014-02-16 18:19 - 00000000 ___DC () C:\ProgramData\WPM 2014-02-16 18:18 - 2014-02-16 18:28 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\awesomehp 2014-02-16 18:17 - 2014-02-16 18:31 - 00000000 ___DC () C:\Users\M1\AppData\Local\SwvUpdater 2014-02-16 15:14 - 2014-02-16 15:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\gbrainy 2014-02-16 15:01 - 2014-02-16 15:01 - 00000899 ____C () C:\Users\M1\Desktop\gbrainy.lnk 2014-02-16 15:01 - 2014-02-16 15:01 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gbrainy 2014-02-16 14:53 - 2014-02-16 15:01 - 00000000 ___DC () C:\Program Files\Spiele 2014-02-16 14:48 - 2014-02-16 14:48 - 00849985 ____C () C:\Users\M1\Downloads\emotiondx.zip 2014-02-16 14:36 - 2014-02-16 14:36 - 00000559 ____C () C:\Users\Public\Desktop\Stranded II.lnk 2014-02-16 14:35 - 2014-02-16 14:35 - 13293344 ____C (Unreal Software ) C:\Users\M1\Downloads\stranded2_setup_de.exe 2014-02-16 14:34 - 2014-02-16 14:34 - 00009050 ____C () C:\Users\M1\AppData\Roaming\.freeciv-client-rc-2.4 2014-02-16 14:31 - 2014-02-16 14:34 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\.freeciv 2014-02-16 14:30 - 2014-02-16 14:31 - 00000000 ___DC () C:\Program Files\Freeciv-2.4.2-gtk2 2014-02-16 14:07 - 2014-02-16 15:15 - 00000000 ___DC () C:\Users\M1\Documents\FreeCol 2014-02-16 14:06 - 2014-02-16 14:06 - 00001684 ____C () 
C:\Users\Public\Desktop\FreeCol.lnk 2014-02-16 12:13 - 2014-02-16 12:13 - 00216998 ____C () C:\Users\M1\Downloads\simutrans-online-install1122.exe 2014-02-16 12:12 - 2014-02-16 12:20 - 182764979 ____C ( ) C:\Users\M1\Downloads\PatrimoniumInstaller.exe 2014-02-16 12:10 - 2014-02-16 12:10 - 00813169 ____C () C:\Users\M1\Downloads\blobby.zip 2014-02-16 12:07 - 2014-02-16 12:08 - 28215140 ____C () C:\Users\M1\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe 2014-02-16 12:04 - 2014-02-16 12:04 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_stranded2_setup_de.exe 2014-02-16 11:59 - 2014-02-16 11:59 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_emotiondx.exe 2014-02-16 11:56 - 2014-02-16 11:58 - 37739520 ____C () C:\Users\M1\Downloads\freecol-0.10.7-installer.exe 2014-02-16 11:55 - 2014-02-16 11:56 - 18256260 ____C () C:\Users\M1\Downloads\gbrainy-206.exe 2014-02-16 11:54 - 2014-02-16 11:55 - 08843012 ____C (Duong Khang NGUYEN ) C:\Users\M1\Downloads\opencity-0.0.6.2stable-i586-setup.exe 2014-02-15 11:40 - 2014-02-15 11:40 - 00000000 ___DC () C:\Program Files\Mozilla Firefox 2014-02-15 11:00 - 2014-02-16 18:35 - 00056402 ____C () C:\Windows\PFRO.log 2014-02-14 03:02 - 2014-02-05 09:58 - 12345344 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 03:02 - 2014-02-05 09:56 - 01806848 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 03:02 - 2014-02-05 09:53 - 09739264 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 03:02 - 2014-02-05 09:51 - 01105408 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 03:02 - 2014-02-05 09:50 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 03:02 - 2014-02-05 09:49 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 03:02 - 2014-02-05 09:49 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-14 03:02 - 
2014-02-05 09:48 - 01796096 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 03:02 - 2014-02-05 09:48 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-14 03:02 - 2014-02-05 09:48 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 03:02 - 2014-02-05 09:48 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 03:02 - 2014-02-05 09:48 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 03:02 - 2014-02-05 09:47 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 03:02 - 2014-02-05 09:47 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 03:02 - 2014-02-05 09:47 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-14 03:02 - 2014-02-05 09:46 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 17:07 - 2013-12-05 03:12 - 01248768 ____C (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 22:18 - 2014-02-12 22:18 - 04721920 ____C (Piriform Ltd) C:\Users\M1\Downloads\ccsetup410.exe 2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\ProgramData\Oracle 2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\Program Files\Common Files\Java 2014-02-09 14:23 - 2014-02-09 14:23 - 00264616 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00175016 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00174504 ____C (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00094632 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-02-09 14:23 - 2014-02-09 14:23 - 00000000 ___DC () C:\Program Files\Java 2014-02-09 14:18 - 2014-02-09 14:19 - 29141928 ____C (Oracle Corporation) C:\Users\M1\Downloads\jre-7u51-windows-i586.exe 2014-02-09 14:16 - 
2014-02-09 14:17 - 24677393 ____C () C:\Users\M1\Downloads\vlc-2.1.3-win32.exe 2014-02-09 14:14 - 2014-02-09 14:14 - 01138397 ____C () C:\Users\M1\Downloads\7z922.exe 2014-02-08 13:56 - 2014-02-08 13:56 - 00001873 ____C () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-02-08 13:56 - 2014-02-08 13:56 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\AVAST Software 2014-02-08 13:55 - 2014-02-08 13:55 - 00775952 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00410784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00270240 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-08 13:55 - 2014-02-08 13:55 - 00180248 ____C () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00067824 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00057672 ____C (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00054832 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00049944 ____C () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr 2014-02-08 13:54 - 2014-02-08 13:54 - 00000000 ___DC () C:\Program Files\AVAST Software 2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ___DC () C:\ProgramData\AVAST Software 2014-02-08 11:53 - 2014-02-08 11:57 - 90578216 ____C (AVAST Software) C:\Users\M1\Downloads\avast_free_antivirus_setup.exe 2014-02-07 18:21 - 2014-02-07 18:21 - 00227096 ____C () C:\Users\M1\Downloads\avira_registry_cleaner_de.exe 2014-02-01 15:48 - 2014-02-01 15:48 - 00000000 ___DC () C:\ProgramData\BlueStacks 2014-02-01 15:47 - 2014-02-01 17:30 - 00002134 ____C () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ___DC () C:\Program Files\WildTangent Games 
==================== One Month Modified Files and Folders =======

2014-02-23 17:05 - 2014-02-23 17:05 - 00021236 ____C () C:\Users\M1\Desktop\FRST.txt
2014-02-23 17:05 - 2014-02-23 17:05 - 00000000 ___DC () C:\FRST
2014-02-23 17:03 - 2014-02-23 17:03 - 00000466 ____C () C:\Users\M1\Desktop\defogger_disable.log
2014-02-23 17:03 - 2014-02-23 17:03 - 00000000 ____C () C:\Users\M1\defogger_reenable
2014-02-23 17:03 - 2008-12-18 15:09 - 00000000 ___DC () C:\Users\M1
2014-02-23 17:02 - 2008-10-06 17:03 - 01409127 ____C () C:\Windows\WindowsUpdate.log
2014-02-23 16:55 - 2014-02-22 17:25 - 00000000 ___DC () C:\Users\M1\Documents\Lightshot
2014-02-23 16:39 - 2014-02-18 15:19 - 00000286 ____C () C:\Windows\Tasks\bench-Updater removing.job
2014-02-23 16:38 - 2014-02-23 16:38 - 00380416 ____C () C:\Users\M1\Desktop\Gmer-19357.exe
2014-02-23 16:36 - 2014-02-23 16:36 - 01143808 ____C (Farbar) C:\Users\M1\Desktop\FRST.exe
2014-02-23 16:36 - 2014-02-23 16:36 - 00050477 ____C () C:\Users\M1\Desktop\Defogger.exe
2014-02-23 16:22 - 2012-09-01 20:58 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 16:20 - 2012-09-01 20:58 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-23 16:20 - 2012-09-01 20:58 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 16:20 - 2008-12-19 00:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Adobe
2014-02-23 16:01 - 2008-10-06 17:55 - 00000269 ____C () C:\Users\Public\Documents\hpqp.ini
2014-02-23 16:01 - 2006-11-02 14:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-02-23 16:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 16:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 02:00 - 2008-06-13 03:37 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-23 02:00 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-23 01:24 - 2014-02-22 17:25 - 00000370 ____C () C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job
2014-02-23 00:19 - 2014-02-22 17:25 - 00000370 ____C () C:\Windows\Tasks\update-sys.job
2014-02-22 17:25 - 2014-02-22 17:25 - 00000434 ____C () C:\Users\M1\AppData\Local\UserProducts.xml
2014-02-22 17:25 - 2014-02-22 17:25 - 00000003 ____C () C:\Users\M1\AppData\Local\updater.log
2014-02-22 17:25 - 2014-02-22 17:25 - 00000000 ___DC () C:\Program Files\Skillbrains
2014-02-22 17:24 - 2014-02-22 17:24 - 02150736 ____C (Skillbrains ) C:\Users\M1\Downloads\setup-lightshot.exe
2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Skillbrains
2014-02-22 16:54 - 2014-01-11 19:15 - 00000000 ___DC () C:\Program Files\CyberGhost 5
2014-02-22 16:41 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\newnext.me
2014-02-22 16:41 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\AppData\Local\genienext
2014-02-22 15:35 - 2014-02-16 18:19 - 00000326 ____C () C:\Windows\Tasks\bench-sys.job
2014-02-22 11:46 - 2013-03-19 01:14 - 00000000 __RDC () C:\Program Files\Skype
2014-02-22 11:46 - 2010-04-23 16:09 - 00000000 ___DC () C:\ProgramData\Skype
2014-02-18 18:51 - 2006-11-02 12:18 - 00000000 ___DC () C:\Windows\Microsoft.NET
2014-02-16 18:39 - 2014-02-16 18:19 - 00000000 ___DC () C:\Program Files\Bench
2014-02-16 18:35 - 2014-02-15 11:00 - 00056402 ____C () C:\Windows\PFRO.log
2014-02-16 18:31 - 2014-02-16 18:17 - 00000000 ___DC () C:\Users\M1\AppData\Local\SwvUpdater
2014-02-16 18:30 - 2014-02-16 18:20 - 00000000 _SHDC () C:\Windows\system32\AI_RecycleBin
2014-02-16 18:30 - 2014-02-16 18:20 - 00000000 ___DC () C:\Program Files\Registry Dr
2014-02-16 18:29 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\AppData\Local\Mobogenie
2014-02-16 18:28 - 2014-02-16 18:19 - 00000000 ___DC () C:\ProgramData\IePluginService
2014-02-16 18:28 - 2014-02-16 18:18 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\awesomehp
2014-02-16 18:28 - 2012-09-01 04:32 - 00001763 ____C () C:\Users\M1\Desktop\Start Download Manager.lnk
2014-02-16 18:28 - 2008-12-19 00:53 - 00000846 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-16 18:28 - 2008-12-18 15:17 - 00000949 ____C () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-16 18:26 - 2014-02-16 18:19 - 00000000 ___DC () C:\Program Files\SupTab
2014-02-16 18:25 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\AppData\Local\cache
2014-02-16 18:25 - 2014-02-16 18:20 - 00000000 ___DC () C:\Users\M1\Documents\RegistryDr
2014-02-16 18:22 - 2014-02-16 18:22 - 00000000 ___DC () C:\Users\M1\AppData\Local\RegistryDR
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\Documents\Mobogenie
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\.android
2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ____C () C:\Users\M1\daemonprocess.txt
2014-02-16 18:19 - 2014-02-16 18:19 - 00000000 ___DC () C:\ProgramData\WPM
2014-02-16 15:15 - 2014-02-16 14:07 - 00000000 ___DC () C:\Users\M1\Documents\FreeCol
2014-02-16 15:14 - 2014-02-16 15:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\gbrainy
2014-02-16 15:01 - 2014-02-16 15:01 - 00000899 ____C () C:\Users\M1\Desktop\gbrainy.lnk
2014-02-16 15:01 - 2014-02-16 15:01 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gbrainy
2014-02-16 15:01 - 2014-02-16 14:53 - 00000000 ___DC () C:\Program Files\Spiele
2014-02-16 14:55 - 2008-12-20 14:59 - 00000349 ____C () C:\Users\Public\Documents\PCLECHAL.INI
2014-02-16 14:48 - 2014-02-16 14:48 - 00849985 ____C () C:\Users\M1\Downloads\emotiondx.zip
2014-02-16 14:36 - 2014-02-16 14:36 - 00000559 ____C () C:\Users\Public\Desktop\Stranded II.lnk
2014-02-16 14:35 - 2014-02-16 14:35 - 13293344 ____C (Unreal Software ) C:\Users\M1\Downloads\stranded2_setup_de.exe
2014-02-16 14:34 - 2014-02-16 14:34 - 00009050 ____C () C:\Users\M1\AppData\Roaming\.freeciv-client-rc-2.4
2014-02-16 14:34 - 2014-02-16 14:31 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\.freeciv
2014-02-16 14:31 - 2014-02-16 14:30 - 00000000 ___DC () C:\Program Files\Freeciv-2.4.2-gtk2
2014-02-16 14:06 - 2014-02-16 14:06 - 00001684 ____C () C:\Users\Public\Desktop\FreeCol.lnk
2014-02-16 12:20 - 2014-02-16 12:12 - 182764979 ____C ( ) C:\Users\M1\Downloads\PatrimoniumInstaller.exe
2014-02-16 12:13 - 2014-02-16 12:13 - 00216998 ____C () C:\Users\M1\Downloads\simutrans-online-install1122.exe
2014-02-16 12:10 - 2014-02-16 12:10 - 00813169 ____C () C:\Users\M1\Downloads\blobby.zip
2014-02-16 12:08 - 2014-02-16 12:07 - 28215140 ____C () C:\Users\M1\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe
2014-02-16 12:04 - 2014-02-16 12:04 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_stranded2_setup_de.exe
2014-02-16 11:59 - 2014-02-16 11:59 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_emotiondx.exe
2014-02-16 11:58 - 2014-02-16 11:56 - 37739520 ____C () C:\Users\M1\Downloads\freecol-0.10.7-installer.exe
2014-02-16 11:56 - 2014-02-16 11:55 - 18256260 ____C () C:\Users\M1\Downloads\gbrainy-206.exe
2014-02-16 11:55 - 2014-02-16 11:54 - 08843012 ____C (Duong Khang NGUYEN ) C:\Users\M1\Downloads\opencity-0.0.6.2stable-i586-setup.exe
2014-02-16 10:47 - 2012-05-07 21:36 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:59 - 2006-11-02 11:33 - 01541688 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 11:40 - 2014-02-15 11:40 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-02-14 03:20 - 2008-06-13 05:07 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2014-02-14 03:12 - 2013-07-13 23:23 - 00000000 ___DC () C:\Windows\system32\MRT
2014-02-14 03:09 - 2006-11-02 11:24 - 85946576 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-14 03:04 - 2006-11-02 11:23 - 00000240 ____C () C:\Windows\win.ini
2014-02-12 22:18 - 2014-02-12 22:18 - 04721920 ____C (Piriform Ltd) C:\Users\M1\Downloads\ccsetup410.exe
2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\ProgramData\Oracle
2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\Program Files\Common Files\Java
2014-02-09 14:23 - 2014-02-09 14:23 - 00264616 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00175016 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00174504 ____C (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-09 14:23 - 2014-02-09 14:23 - 00094632 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-09 14:23 - 2014-02-09 14:23 - 00000000 ___DC () C:\Program Files\Java
2014-02-09 14:21 - 2013-09-19 12:48 - 00000859 ____C () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-09 14:19 - 2014-02-09 14:18 - 29141928 ____C (Oracle Corporation) C:\Users\M1\Downloads\jre-7u51-windows-i586.exe
2014-02-09 14:17 - 2014-02-09 14:16 - 24677393 ____C () C:\Users\M1\Downloads\vlc-2.1.3-win32.exe
2014-02-09 14:14 - 2014-02-09 14:14 - 01138397 ____C () C:\Users\M1\Downloads\7z922.exe
2014-02-08 13:56 - 2014-02-08 13:56 - 00001873 ____C () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-08 13:56 - 2014-02-08 13:56 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\AVAST Software
2014-02-08 13:55 - 2014-02-08 13:55 - 00775952 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00410784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00270240 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-08 13:55 - 2014-02-08 13:55 - 00180248 ____C () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00067824 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00057672 ____C (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00054832 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00049944 ____C () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-08 13:55 - 2014-02-08 13:55 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-02-08 13:54 - 2014-02-08 13:54 - 00000000 ___DC () C:\Program Files\AVAST Software
2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ___DC () C:\ProgramData\AVAST Software
2014-02-08 13:48 - 2009-02-21 17:09 - 00003207 ____C () C:\Windows\system32\sdkinst.log
2014-02-08 13:45 - 2013-09-24 18:22 - 00000000 ___DC () C:\ProgramData\Avira
2014-02-08 11:57 - 2014-02-08 11:53 - 90578216 ____C (AVAST Software) C:\Users\M1\Downloads\avast_free_antivirus_setup.exe
2014-02-07 18:21 - 2014-02-07 18:21 - 00227096 ____C () C:\Users\M1\Downloads\avira_registry_cleaner_de.exe
2014-02-07 18:13 - 2008-12-18 18:44 - 00043520 ____C () C:\Users\M1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-05 09:58 - 2014-02-14 03:02 - 12345344 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-14 03:02 - 01806848 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-14 03:02 - 09739264 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-14 03:02 - 01105408 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-14 03:02 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-14 03:02 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-14 03:02 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 01796096 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-14 03:02 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-14 03:02 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-14 03:02 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-14 03:02 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-14 03:02 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-14 03:02 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 19:05 - 2012-06-28 22:10 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\vlc
2014-02-01 17:35 - 2008-06-13 04:38 - 00000000 ___DC () C:\ProgramData\WildTangent
2014-02-01 17:30 - 2014-02-01 15:47 - 00002134 ____C () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-02-01 15:48 - 2014-02-01 15:48 - 00000000 ___DC () C:\ProgramData\BlueStacks
2014-02-01 15:48 - 2008-12-18 18:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\WildTangent
2014-02-01 15:48 - 2008-06-13 04:38 - 00000000 ___DC () C:\Program Files\HP Games
2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ___DC () C:\Program Files\WildTangent Games

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-23 16:07

==================== End Of Log ============================
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2014
Ran by M1 at 2014-02-23 17:05:54
Running from C:\Users\M1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Ashampoo Burning Studio 2009 Advanced (HKLM\...\Ashampoo Burning Studio 2009 Advanced_is1) (Version: 9.0.0 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
BIAS SoundSoap PE 2.1 (HKLM\...\{42442CA9-90E6-4011-BB55-7C263F6D5EC1}) (Version: 2.1.1 - BIAS Inc)
BIAS SoundSoap PE 2.1.1 (HKLM\...\{8709C596-C0B4-415D-9281-AC846B39EA76}) (Version: 2.1.1 - BIAS Inc)
Catalyst Control Center - Branding (HKLM\...\{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Czech (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Danish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Dutch (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help English (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Finnish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help French (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help German (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Greek (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Italian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Japanese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Korean (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Polish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Russian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Spanish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Swedish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Thai (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Turkish (Version: 2008.0508.2150.37248 - ATI) Hidden
ccc-core-static (Version: 2008.0508.2151.37248 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0508.2151.37248 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Freeciv 2.4.2 (GTK+2 client) (HKLM\...\Freeciv-2.4.2-gtk2) (Version: - )
gbrainy 2.06 (HKLM\...\gbrainy) (Version: 2.06 - )
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{794EB9A9-BB26-4FA5-AC2C-E3AE166C7427}) (Version: 26.0.784.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Quick Launch Buttons 6.40 D3 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D3 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0103 (HKLM\...\{B8169E45-8E23-430B-91D1-EC64540C8ED0}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
lightshot-5.0.0.2 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.0.0.2 - Skillbrains)
Malwarebytes Anti-Malware Version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PhotoDraw 2000 V2 (HKLM\...\{3C5EA394-1031-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1429 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{90F1DDBF-0C56-44B0-A920-72CC90C51565}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
Office-Web Center (HKLM\...\{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}) (Version: 1.00.4 Build 050111 - Office-Web)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.6 - Frank Heindörfer, Philip Chinery)
PDFCreator Toolbar (HKLM\...\PDFCreator Toolbar) (Version: 3.3.0.1 - )
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version: - )
proDAD Vitascene 1.0 (HKLM\...\proDAD-Vitascene-1.0) (Version: - )
ProtectSmart Hard Drive Protection (HKLM\...\{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}) (Version: 3.10 A7 - Hewlett-Packard)
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Setup-Start von Microsoft Works Suite 2006 (HKLM\...\Works2006Setup) (Version: - )
Skins (Version: 2008.0508.2151.37248 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stranded II 1.0.0.1 (HKLM\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software)
Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden
Studio 11 Bonus DVD (HKLM\...\{45A1BF92-700A-4408-B95E-79F462E3D67D}) (Version: 11.0.0.0 - Pinnacle Systems)
Studio Ultimate (HKLM\...\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}) (Version: 11.00.0013 - Pinnacle Systems)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.0.9 - Shark007)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games App für HP (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Works Update (Version: 8.0.0.0000 - Microsoft Corporation) Hidden XMedia Recode 2.1.0.3 (HKLM\...\XMedia Recode) (Version: 2.1.0.3 - Sebastian Dörfler) Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games) ==================== Restore Points ========================= 14-02-2014 10:46:17 Windows Update 15-02-2014 10:10:37 Windows Update 15-02-2014 10:57:43 Windows Update 16-02-2014 17:29:41 Removed Registry Dr 22-02-2014 10:42:18 Windows Update 23-02-2014 00:00:03 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0149A0CF-8754-43D9-848C-2BCE22B76D38} - System32\Tasks\{1FC2BF8D-82CB-4F18-95A8-FB3741E57E3E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {28837A50-62C5-4A23-83F5-487ABB265E2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated) Task: {2916F5FE-F953-4C2B-8C62-E9A3FEAF5C61} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - 
System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {47471E57-194C-496C-826D-9F8BD99B13D7} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: {4BAAFEFA-0211-48DC-A883-D936ADF852BA} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION Task: {8B4D6D63-AB81-47F1-AB3B-99918A51D529} - System32\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: {8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {AF767A8A-5CB1-4D8C-BC78-4B68DE5F44CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-08] (AVAST Software) Task: {B06CB7B9-FBE2-45BA-988D-D72C20F3EA97} - System32\Tasks\bench-Updater removing Task: {BD1F988D-DAD2-4E6A-893D-6AD62B25D62A} - System32\Tasks\bench-sys => C:\Program Files\Bench\Updater\updater.exe [2014-02-12] () <==== ATTENTION Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F919EDEE-73EE-46CE-9532-0642C5592D01} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTION Task: C:\Windows\Tasks\bench-Updater removing.job => ? 
Task: C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-23 16:02 - 2014-02-23 08:31 - 02181632 ____C () C:\Program Files\AVAST Software\Avast\defs\14022300\algo.dll 2009-01-18 15:46 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00292248 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-06-13 04:12 - 2008-05-14 21:56 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00116112 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 2008-06-13 04:12 - 2008-05-14 21:56 - 00120216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll 2008-06-13 05:32 - 2008-03-26 14:26 - 00341328 _____ () C:\Windows\SMINST\BLService.exe 2008-06-13 05:32 - 2006-09-13 12:54 - 00081920 _____ () C:\Windows\SMINST\STString.dll 2008-06-13 05:32 - 2007-11-14 14:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll 2008-06-13 05:23 - 2007-01-09 10:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-05-08 23:14 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2008-12-18 16:52 - 2005-04-25 18:44 - 00114688 _____ () C:\Windows\system32\Hook.dll 2009-02-21 18:08 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll 2008-12-18 16:52 - 2005-04-25 18:51 - 00233472 _____ () C:\Program 
Files\Office-Web\Office-Web Center\Panel.exe 2008-12-18 16:52 - 2005-04-25 18:53 - 01089536 _____ () C:\Windows\system32\XWheel.dll 2014-02-08 13:55 - 2014-02-08 13:55 - 19336120 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll 2008-02-04 12:29 - 2008-02-04 12:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2008-06-13 04:25 - 2008-04-11 08:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2008-02-27 13:48 - 2008-02-27 13:48 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2014 04:39:00 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0x13c8, Anwendungsstartzeit taskeng.exe0. 
Error: (02/23/2014 04:01:36 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 04:01:32 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0xdec, Anwendungsstartzeit taskeng.exe0. Error: (02/23/2014 01:57:28 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0xeb0, Anwendungsstartzeit taskeng.exe0. Error: (02/23/2014 00:39:00 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0xcdc, Anwendungsstartzeit taskeng.exe0. Error: (02/23/2014 00:20:09 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 04:39:00 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0x944, Anwendungsstartzeit taskeng.exe0. 
Error: (02/22/2014 00:47:34 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0xee8, Anwendungsstartzeit taskeng.exe0. Error: (02/22/2014 11:25:27 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 11:24:44 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel 0x4cd2e07b, fehlerhaftes Modul msvcrt.dll, Version 7.0.6002.18551, Zeitstempel 0x4ee8cc5a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a249, Prozess-ID 0xa40, Anwendungsstartzeit taskeng.exe0. System errors: ============= Error: (02/23/2014 05:03:06 PM) (Source: VDS Dynamic Provider) (User: ) Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. 
hr=80042505 Error: (02/23/2014 04:01:36 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/23/2014 00:20:10 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/22/2014 11:25:27 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/19/2014 07:27:13 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/19/2014 07:27:11 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (02/19/2014 06:45:29 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/18/2014 06:30:01 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/18/2014 03:19:46 PM) (Source: Service Control Manager) (User: ) Description: 30000ShellHWDetection Error: (02/16/2014 06:37:21 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (02/23/2014 04:39:00 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a24913c801cf30a840ece660 Error: (02/23/2014 04:01:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 04:01:32 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249dec01cf30a823496f50 Error: (02/23/2014 01:57:28 AM) (Source: Application Error)(User: ) Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249eb001cf30320822c40d Error: (02/23/2014 00:39:00 AM) (Source: Application Error)(User: ) Description: 
taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249cdc01cf30260ff0226d Error: (02/23/2014 00:20:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 04:39:00 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a24994401cf2fc4060e5c34 Error: (02/22/2014 00:47:34 PM) (Source: Application Error)(User: ) Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249ee801cf2fb86510b5e4 Error: (02/22/2014 11:25:27 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 11:24:44 AM) (Source: Application Error)(User: ) Description: taskeng.exe6.0.6002.183424cd2e07bmsvcrt.dll7.0.6002.185514ee8cc5ac00000050000a249a4001cf2fb84d490894 CodeIntegrity Errors: =================================== Date: 2012-04-07 16:34:02.712 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-04-07 16:34:02.447 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-04-07 16:34:02.135 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-04-07 16:34:01.885 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-04-07 16:34:01.636 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-04-07 16:34:01.371 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-04-07 16:34:00.981 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-04-07 16:34:00.762 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-04-07 16:34:00.497
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-04-07 16:34:00.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3068.9 MB
Available physical RAM: 1925.79 MB
Total Pagefile: 6362.35 MB
Available Pagefile: 5222.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.4 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:289.24 GB) (Free:62.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7129B57F)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I'm asking for help. Thanks!
rairai
24.02.2014, 14:19 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first, only post the logs that already exist, in CODE tags! Only logs from the last 7 days, or from the time the problem started, are relevant!
Reading material: Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
24.02.2014, 16:46 | #3
Hello cosinus,
Thanks first of all for taking care of my case. Apart from Avast and the posted FRST and defogger logs, I also tried GMER, but that didn't work; otherwise I haven't run any scans.
rairai
24.02.2014, 21:10 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________
Please always post logfiles in CODE tags
25.02.2014, 12:26 | #5
Hello Cosinus,
after the first scan and the cleanup by MBAR, the following message came up after the restart: - Load DLL - "Hook Load failed". That is the infected item that MBAR removed. Do I have to restore it somehow? Here are the 2 files
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
M1 :: M1-PC [administrator]

25.02.2014 11:10:55
mbar-log-2014-02-25 (11-10-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 220042
Time elapsed: 17 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 2
C:\Windows\System32\Hook.dll (Trojan.Keylogger) -> Delete on reboot.
C:\Windows\System32\Hook.dll (Trojan.Keylogger) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\Hook.dll (Trojan.Keylogger) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
M1 :: M1-PC [administrator]

25.02.2014 11:43:10
mbar-log-2014-02-25 (11-43-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 220145
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
rairai
25.02.2014, 13:12 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Removing adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
25.02.2014, 15:09 | #7
Hello Cosinus,
here are the logfiles from the specified tools. AdwCleaner created 2 txt files:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.019 - Bericht erstellt am 25/02/2014 um 14:14:49
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : M1 - M1-PC
# Gestartet von : C:\Users\M1\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\bench-sys
Datei Gefunden : C:\Windows\Tasks\bench-sys.job
Ordner Gefunden : C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gefunden C:\Program Files\Bench
Ordner Gefunden C:\Program Files\SupTab
Ordner Gefunden C:\Program Files\Viewpoint
Ordner Gefunden C:\ProgramData\apn
Ordner Gefunden C:\ProgramData\IePluginService
Ordner Gefunden C:\ProgramData\Viewpoint
Ordner Gefunden C:\ProgramData\WPM
Ordner Gefunden C:\Users\M1\AppData\Local\genienext
Ordner Gefunden C:\Users\M1\AppData\Local\Mobogenie
Ordner Gefunden C:\Users\M1\AppData\Local\SwvUpdater
Ordner Gefunden C:\Users\M1\AppData\Roaming\newnext.me
Ordner Gefunden C:\Users\M1\Documents\Mobogenie
Ordner Gefunden C:\Windows\system32\AI_RecycleBin

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gefunden : HKCU\Software\pdfforge.org
Schlüssel Gefunden : HKCU\Software\WEDLMNGR
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\Bench
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\Software\MetaStream
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\bench-sys
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD1F988D-DAD2-4E6A-893D-6AD62B25D62A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gefunden : HKLM\Software\pdfforge.org
Schlüssel Gefunden : HKLM\Software\supTab
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\Viewpoint
Schlüssel Gefunden : HKLM\Software\Wpm
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16533

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.awesomehp.com/web/?type=ds&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN&q={searchTerms}

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\prefs.js ]

Zeile gefunden : user_pref("accessibility.lightning.homepage", "hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN");
Zeile gefunden : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [7999 octets]
- [25/02/2014 14:14:49] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8059 octets] ########## [/CODE] and the AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v3.019 - Bericht erstellt am 25/02/2014 um 14:21:13 # Aktualisiert 17/02/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : M1 - M1-PC # Gestartet von : C:\Users\M1\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\IePluginService Ordner Gelöscht : C:\ProgramData\Viewpoint Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files\Bench Ordner Gelöscht : C:\Program Files\SupTab Ordner Gelöscht : C:\Program Files\Viewpoint Ordner Gelöscht : C:\Windows\system32\AI_RecycleBin Ordner Gelöscht : C:\Users\M1\AppData\Local\genienext Ordner Gelöscht : C:\Users\M1\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\M1\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\M1\AppData\Roaming\newnext.me Ordner Gelöscht : C:\Users\M1\Documents\Mobogenie Ordner Gelöscht : C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} Datei Gelöscht : C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\user.js Datei Gelöscht : C:\Windows\Tasks\bench-sys.job Datei Gelöscht : C:\Windows\System32\Tasks\bench-sys ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD1F988D-DAD2-4E6A-893D-6AD62B25D62A} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD1F988D-DAD2-4E6A-893D-6AD62B25D62A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}] Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\pdfforge.org Schlüssel Gelöscht : HKCU\Software\WEDLMNGR Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\Bench Schlüssel Gelöscht : HKLM\Software\MetaStream Schlüssel Gelöscht : HKLM\Software\pdfforge.org Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\Viewpoint Schlüssel Gelöscht : HKLM\Software\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16533 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\prefs.js ] Zeile gelöscht : user_pref("accessibility.lightning.homepage", "hxxp://www.awesomehp.com/?type=hp&ts=1392571112&from=amt&uid=FUJITSUXMHZ2320BHXG2_K618T892KTSN"); Zeile gelöscht : user_pref("plugin.blocklisted.npviewpoint", true); ************************* AdwCleaner[R0].txt - [8139 octets] - [25/02/2014 14:14:49] AdwCleaner[S0].txt - [7407 octets] - [25/02/2014 14:21:13] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7467 octets] ########## [/CODE] das JRT-file: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by M1 on 25.02.2014 at 14:28:02,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F0B06E6-3E27-4B88-9418-02E9F6330781}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5FF7B5FF-CCE7-429D-B22A-B8B5CE1501E2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2F0B06E6-3E27-4B88-9418-02E9F6330781}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5FF7B5FF-CCE7-429D-B22A-B8B5CE1501E2}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\j6dqox3l.default\prefs.js
user_pref("browser.startup.homepage", "hxxps://www.ixquick.com/");
Emptied folder: C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\j6dqox3l.default\minidumps [37 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2014 at 14:33:35,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014 Ran by M1 (administrator) on M1-PC on 25-02-2014 14:39:54 Running from C:\Users\M1\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\Windows\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe () C:\Program Files\Office-Web\Office-Web Center\Panel.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Skillbrains) C:\Users\M1\AppData\Local\Skillbrains\lightshot\5.0.0.2\LightShot.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.) HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-05-14] (CyberLink Corp.) 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard) HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Laser mouse] - C:\Program Files\Office-Web\Office-Web Center\Panel.exe [233472 2005-04-25] () HKLM\...\Run: [NWEReboot] - [X] HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [] - [X] HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-08] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3630145962-1711427128-1675247868-1000\...\Run: [LightShot] - C:\Users\M1\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-02-03] () Startup: C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope value is missing. BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll No File BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: 
@java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom) FF SearchPlugin: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Quick Start - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\quick_start@gmail.com [2014-02-23] FF Extension: Microsoft .NET Framework Assistant - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-12-21] FF Extension: Adblock Plus Pop-up Addon - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-27] FF Extension: ep - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-23] FF Extension: NoScript - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27] FF Extension: CoolPreviews - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-04-07] FF Extension: Adblock Plus - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - 
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: HP Smart Print - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-09-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-08] FF HKLM\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-08] (AVAST Software) S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] () R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] () S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe 
[221266 2009-07-21] (IDT, Inc.) S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-02-08] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-08] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-02-08] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-08] () S3 AVCSTRM; C:\Windows\System32\DRIVERS\avcstrm.sys [14208 2008-01-21] (Microsoft Corporation) R3 HidMouse; C:\Windows\System32\Drivers\HidMouse.sys [25216 2005-08-18] (Hama) R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-25] (Malwarebytes Corporation) S3 MSTAPE; C:\Windows\System32\DRIVERS\mstape.sys [50048 2008-01-21] (Microsoft Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) U1 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-25 14:33 - 2014-02-25 14:33 - 00001534 ____C () C:\Users\M1\Desktop\JRT.txt 2014-02-25 14:27 - 2014-02-25 14:27 - 00000000 ___DC () C:\Windows\ERUNT 2014-02-25 14:14 - 2014-02-25 14:21 - 00000000 
___DC () C:\AdwCleaner 2014-02-25 14:12 - 2014-02-25 14:12 - 01037734 ____C (Thisisu) C:\Users\M1\Desktop\JRT.exe 2014-02-25 14:11 - 2014-02-25 14:11 - 01241834 ____C () C:\Users\M1\Desktop\adwcleaner.exe 2014-02-25 11:02 - 2014-02-25 11:43 - 00107224 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-02-25 10:58 - 2014-02-25 12:04 - 00000000 ___DC () C:\Users\M1\Desktop\mbar 2014-02-25 10:58 - 2014-02-25 10:58 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-25 10:54 - 2014-02-25 10:55 - 12589848 ____C (Malwarebytes Corp.) C:\Users\M1\Desktop\mbar-1.07.0.1009.exe 2014-02-23 17:05 - 2014-02-25 14:40 - 00017262 ____C () C:\Users\M1\Desktop\FRST.txt 2014-02-23 17:05 - 2014-02-25 14:39 - 00000000 ___DC () C:\FRST 2014-02-23 17:05 - 2014-02-23 17:07 - 00040672 ____C () C:\Users\M1\Desktop\Addition.txt 2014-02-23 17:03 - 2014-02-23 17:03 - 00000466 ____C () C:\Users\M1\Desktop\defogger_disable.log 2014-02-23 17:03 - 2014-02-23 17:03 - 00000000 ____C () C:\Users\M1\defogger_reenable 2014-02-23 16:36 - 2014-02-23 16:36 - 01143808 ____C (Farbar) C:\Users\M1\Desktop\FRST.exe 2014-02-23 16:36 - 2014-02-23 16:36 - 00050477 ____C () C:\Users\M1\Desktop\Defogger.exe 2014-02-22 17:25 - 2014-02-25 14:15 - 00000370 ____C () C:\Windows\Tasks\update-sys.job 2014-02-22 17:25 - 2014-02-25 14:07 - 00000370 ____C () C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job 2014-02-22 17:25 - 2014-02-23 16:55 - 00000000 ___DC () C:\Users\M1\Documents\Lightshot 2014-02-22 17:25 - 2014-02-22 17:25 - 00000434 ____C () C:\Users\M1\AppData\Local\UserProducts.xml 2014-02-22 17:25 - 2014-02-22 17:25 - 00000003 ____C () C:\Users\M1\AppData\Local\updater.log 2014-02-22 17:25 - 2014-02-22 17:25 - 00000000 ___DC () C:\Program Files\Skillbrains 2014-02-22 17:24 - 2014-02-22 17:24 - 02150736 ____C (Skillbrains ) C:\Users\M1\Downloads\setup-lightshot.exe 2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 
___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot 2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Skillbrains 2014-02-18 15:19 - 2014-02-25 14:23 - 00000286 ____C () C:\Windows\Tasks\bench-Updater removing.job 2014-02-16 18:22 - 2014-02-16 18:22 - 00000000 ___DC () C:\Users\M1\AppData\Local\RegistryDR 2014-02-16 18:21 - 2014-02-16 18:25 - 00000000 ___DC () C:\Users\M1\AppData\Local\cache 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\.android 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ____C () C:\Users\M1\daemonprocess.txt 2014-02-16 18:20 - 2014-02-16 18:30 - 00000000 ___DC () C:\Program Files\Registry Dr 2014-02-16 18:20 - 2014-02-16 18:25 - 00000000 ___DC () C:\Users\M1\Documents\RegistryDr 2014-02-16 18:18 - 2014-02-16 18:28 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\awesomehp 2014-02-16 15:14 - 2014-02-16 15:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\gbrainy 2014-02-16 15:01 - 2014-02-16 15:01 - 00000899 ____C () C:\Users\M1\Desktop\gbrainy.lnk 2014-02-16 15:01 - 2014-02-16 15:01 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gbrainy 2014-02-16 14:53 - 2014-02-16 15:01 - 00000000 ___DC () C:\Program Files\Spiele 2014-02-16 14:48 - 2014-02-16 14:48 - 00849985 ____C () C:\Users\M1\Downloads\emotiondx.zip 2014-02-16 14:36 - 2014-02-16 14:36 - 00000559 ____C () C:\Users\Public\Desktop\Stranded II.lnk 2014-02-16 14:35 - 2014-02-16 14:35 - 13293344 ____C (Unreal Software ) C:\Users\M1\Downloads\stranded2_setup_de.exe 2014-02-16 14:34 - 2014-02-16 14:34 - 00009050 ____C () C:\Users\M1\AppData\Roaming\.freeciv-client-rc-2.4 2014-02-16 14:31 - 2014-02-16 14:34 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\.freeciv 2014-02-16 14:30 - 2014-02-16 14:31 - 00000000 ___DC () C:\Program Files\Freeciv-2.4.2-gtk2 2014-02-16 14:07 - 2014-02-16 15:15 - 00000000 ___DC () C:\Users\M1\Documents\FreeCol 2014-02-16 14:06 - 2014-02-16 14:06 
- 00001684 ____C () C:\Users\Public\Desktop\FreeCol.lnk 2014-02-16 12:13 - 2014-02-16 12:13 - 00216998 ____C () C:\Users\M1\Downloads\simutrans-online-install1122.exe 2014-02-16 12:12 - 2014-02-16 12:20 - 182764979 ____C ( ) C:\Users\M1\Downloads\PatrimoniumInstaller.exe 2014-02-16 12:10 - 2014-02-16 12:10 - 00813169 ____C () C:\Users\M1\Downloads\blobby.zip 2014-02-16 12:07 - 2014-02-16 12:08 - 28215140 ____C () C:\Users\M1\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe 2014-02-16 12:04 - 2014-02-16 12:04 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_stranded2_setup_de.exe 2014-02-16 11:59 - 2014-02-16 11:59 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_emotiondx.exe 2014-02-16 11:56 - 2014-02-16 11:58 - 37739520 ____C () C:\Users\M1\Downloads\freecol-0.10.7-installer.exe 2014-02-16 11:55 - 2014-02-16 11:56 - 18256260 ____C () C:\Users\M1\Downloads\gbrainy-206.exe 2014-02-16 11:54 - 2014-02-16 11:55 - 08843012 ____C (Duong Khang NGUYEN ) C:\Users\M1\Downloads\opencity-0.0.6.2stable-i586-setup.exe 2014-02-15 11:40 - 2014-02-15 11:40 - 00000000 ___DC () C:\Program Files\Mozilla Firefox 2014-02-15 11:00 - 2014-02-25 11:36 - 00056706 ____C () C:\Windows\PFRO.log 2014-02-14 03:02 - 2014-02-05 09:58 - 12345344 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 03:02 - 2014-02-05 09:56 - 01806848 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 03:02 - 2014-02-05 09:53 - 09739264 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 03:02 - 2014-02-05 09:51 - 01105408 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 03:02 - 2014-02-05 09:50 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 03:02 - 2014-02-05 09:49 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 03:02 - 2014-02-05 09:49 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll 
2014-02-14 03:02 - 2014-02-05 09:48 - 01796096 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 03:02 - 2014-02-05 09:48 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-14 03:02 - 2014-02-05 09:48 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 03:02 - 2014-02-05 09:48 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 03:02 - 2014-02-05 09:48 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 03:02 - 2014-02-05 09:47 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 03:02 - 2014-02-05 09:47 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 03:02 - 2014-02-05 09:47 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-14 03:02 - 2014-02-05 09:46 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 17:07 - 2013-12-05 03:12 - 01248768 ____C (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 22:18 - 2014-02-12 22:18 - 04721920 ____C (Piriform Ltd) C:\Users\M1\Downloads\ccsetup410.exe 2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\ProgramData\Oracle 2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\Program Files\Common Files\Java 2014-02-09 14:23 - 2014-02-09 14:23 - 00264616 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00175016 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00174504 ____C (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00094632 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-02-09 14:23 - 2014-02-09 14:23 - 00000000 ___DC () C:\Program Files\Java 2014-02-09 14:18 - 2014-02-09 14:19 - 29141928 ____C (Oracle Corporation) C:\Users\M1\Downloads\jre-7u51-windows-i586.exe 
2014-02-09 14:16 - 2014-02-09 14:17 - 24677393 ____C () C:\Users\M1\Downloads\vlc-2.1.3-win32.exe 2014-02-09 14:14 - 2014-02-09 14:14 - 01138397 ____C () C:\Users\M1\Downloads\7z922.exe 2014-02-08 13:56 - 2014-02-08 13:56 - 00001873 ____C () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-02-08 13:56 - 2014-02-08 13:56 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\AVAST Software 2014-02-08 13:55 - 2014-02-08 13:55 - 00775952 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00410784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00270240 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-08 13:55 - 2014-02-08 13:55 - 00180248 ____C () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00067824 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00057672 ____C (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00054832 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00049944 ____C () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr 2014-02-08 13:54 - 2014-02-08 13:54 - 00000000 ___DC () C:\Program Files\AVAST Software 2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ___DC () C:\ProgramData\AVAST Software 2014-02-08 11:53 - 2014-02-08 11:57 - 90578216 ____C (AVAST Software) C:\Users\M1\Downloads\avast_free_antivirus_setup.exe 2014-02-07 18:21 - 2014-02-07 18:21 - 00227096 ____C () C:\Users\M1\Downloads\avira_registry_cleaner_de.exe 2014-02-01 15:48 - 2014-02-01 15:48 - 00000000 ___DC () C:\ProgramData\BlueStacks 2014-02-01 15:47 - 2014-02-01 17:30 - 00002134 ____C () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ___DC () C:\Program 
Files\WildTangent Games ==================== One Month Modified Files and Folders ======= 2014-02-25 14:40 - 2014-02-23 17:05 - 00017262 ____C () C:\Users\M1\Desktop\FRST.txt 2014-02-25 14:39 - 2014-02-23 17:05 - 00000000 ___DC () C:\FRST 2014-02-25 14:33 - 2014-02-25 14:33 - 00001534 ____C () C:\Users\M1\Desktop\JRT.txt 2014-02-25 14:27 - 2014-02-25 14:27 - 00000000 ___DC () C:\Windows\ERUNT 2014-02-25 14:27 - 2008-10-06 17:03 - 01470089 ____C () C:\Windows\WindowsUpdate.log 2014-02-25 14:23 - 2014-02-18 15:19 - 00000286 ____C () C:\Windows\Tasks\bench-Updater removing.job 2014-02-25 14:23 - 2008-10-06 17:55 - 00000269 ____C () C:\Users\Public\Documents\hpqp.ini 2014-02-25 14:22 - 2006-11-02 14:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2014-02-25 14:22 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-25 14:22 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-25 14:21 - 2014-02-25 14:14 - 00000000 ___DC () C:\AdwCleaner 2014-02-25 14:21 - 2008-06-13 03:37 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-02-25 14:21 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-25 14:15 - 2014-02-22 17:25 - 00000370 ____C () C:\Windows\Tasks\update-sys.job 2014-02-25 14:12 - 2014-02-25 14:12 - 01037734 ____C (Thisisu) C:\Users\M1\Desktop\JRT.exe 2014-02-25 14:11 - 2014-02-25 14:11 - 01241834 ____C () C:\Users\M1\Desktop\adwcleaner.exe 2014-02-25 14:07 - 2014-02-22 17:25 - 00000370 ____C () C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job 2014-02-25 14:07 - 2012-09-01 20:58 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-25 12:04 - 2014-02-25 10:58 - 00000000 ___DC () C:\Users\M1\Desktop\mbar 2014-02-25 11:43 - 2014-02-25 11:02 - 00107224 ____C (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-02-25 11:36 - 2014-02-15 11:00 - 00056706 ____C () C:\Windows\PFRO.log 2014-02-25 11:36 - 2006-11-02 12:18 - 00000000 ___DC () C:\Windows\nap 2014-02-25 10:58 - 2014-02-25 10:58 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-25 10:55 - 2014-02-25 10:54 - 12589848 ____C (Malwarebytes Corp.) C:\Users\M1\Desktop\mbar-1.07.0.1009.exe 2014-02-24 14:01 - 2009-01-12 18:37 - 00009194 ____C () C:\Users\M1\AppData\Roaming\wklnhst.dat 2014-02-24 13:53 - 2013-11-09 13:25 - 00002617 ____C () C:\Users\M1\Desktop\Microsoft Word 2010.lnk 2014-02-23 17:07 - 2014-02-23 17:05 - 00040672 ____C () C:\Users\M1\Desktop\Addition.txt 2014-02-23 17:03 - 2014-02-23 17:03 - 00000466 ____C () C:\Users\M1\Desktop\defogger_disable.log 2014-02-23 17:03 - 2014-02-23 17:03 - 00000000 ____C () C:\Users\M1\defogger_reenable 2014-02-23 17:03 - 2008-12-18 15:09 - 00000000 ___DC () C:\Users\M1 2014-02-23 16:55 - 2014-02-22 17:25 - 00000000 ___DC () C:\Users\M1\Documents\Lightshot 2014-02-23 16:36 - 2014-02-23 16:36 - 01143808 ____C (Farbar) C:\Users\M1\Desktop\FRST.exe 2014-02-23 16:36 - 2014-02-23 16:36 - 00050477 ____C () C:\Users\M1\Desktop\Defogger.exe 2014-02-23 16:20 - 2012-09-01 20:58 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 16:20 - 2012-09-01 20:58 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-23 16:20 - 2008-12-19 00:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Adobe 2014-02-22 17:25 - 2014-02-22 17:25 - 00000434 ____C () C:\Users\M1\AppData\Local\UserProducts.xml 2014-02-22 17:25 - 2014-02-22 17:25 - 00000003 ____C () C:\Users\M1\AppData\Local\updater.log 2014-02-22 17:25 - 2014-02-22 17:25 - 00000000 ___DC () C:\Program Files\Skillbrains 2014-02-22 17:24 - 2014-02-22 17:24 - 02150736 ____C (Skillbrains ) C:\Users\M1\Downloads\setup-lightshot.exe 2014-02-22 17:24 - 2014-02-22 17:24 - 
00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot 2014-02-22 17:24 - 2014-02-22 17:24 - 00000000 ___DC () C:\Users\M1\AppData\Local\Skillbrains 2014-02-22 16:54 - 2014-01-11 19:15 - 00000000 ___DC () C:\Program Files\CyberGhost 5 2014-02-22 11:46 - 2013-03-19 01:14 - 00000000 __RDC () C:\Program Files\Skype 2014-02-22 11:46 - 2010-04-23 16:09 - 00000000 ___DC () C:\ProgramData\Skype 2014-02-18 18:51 - 2006-11-02 12:18 - 00000000 ___DC () C:\Windows\Microsoft.NET 2014-02-16 18:30 - 2014-02-16 18:20 - 00000000 ___DC () C:\Program Files\Registry Dr 2014-02-16 18:28 - 2014-02-16 18:18 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\awesomehp 2014-02-16 18:28 - 2012-09-01 04:32 - 00001763 ____C () C:\Users\M1\Desktop\Start Download Manager.lnk 2014-02-16 18:28 - 2008-12-19 00:53 - 00000846 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-16 18:28 - 2008-12-18 15:17 - 00000949 ____C () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-16 18:25 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\AppData\Local\cache 2014-02-16 18:25 - 2014-02-16 18:20 - 00000000 ___DC () C:\Users\M1\Documents\RegistryDr 2014-02-16 18:22 - 2014-02-16 18:22 - 00000000 ___DC () C:\Users\M1\AppData\Local\RegistryDR 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ___DC () C:\Users\M1\.android 2014-02-16 18:21 - 2014-02-16 18:21 - 00000000 ____C () C:\Users\M1\daemonprocess.txt 2014-02-16 15:15 - 2014-02-16 14:07 - 00000000 ___DC () C:\Users\M1\Documents\FreeCol 2014-02-16 15:14 - 2014-02-16 15:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\gbrainy 2014-02-16 15:01 - 2014-02-16 15:01 - 00000899 ____C () C:\Users\M1\Desktop\gbrainy.lnk 2014-02-16 15:01 - 2014-02-16 15:01 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gbrainy 2014-02-16 15:01 - 2014-02-16 14:53 - 00000000 ___DC () C:\Program Files\Spiele 2014-02-16 14:55 - 2008-12-20 14:59 - 00000349 ____C 
() C:\Users\Public\Documents\PCLECHAL.INI 2014-02-16 14:48 - 2014-02-16 14:48 - 00849985 ____C () C:\Users\M1\Downloads\emotiondx.zip 2014-02-16 14:36 - 2014-02-16 14:36 - 00000559 ____C () C:\Users\Public\Desktop\Stranded II.lnk 2014-02-16 14:35 - 2014-02-16 14:35 - 13293344 ____C (Unreal Software ) C:\Users\M1\Downloads\stranded2_setup_de.exe 2014-02-16 14:34 - 2014-02-16 14:34 - 00009050 ____C () C:\Users\M1\AppData\Roaming\.freeciv-client-rc-2.4 2014-02-16 14:34 - 2014-02-16 14:31 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\.freeciv 2014-02-16 14:31 - 2014-02-16 14:30 - 00000000 ___DC () C:\Program Files\Freeciv-2.4.2-gtk2 2014-02-16 14:06 - 2014-02-16 14:06 - 00001684 ____C () C:\Users\Public\Desktop\FreeCol.lnk 2014-02-16 12:20 - 2014-02-16 12:12 - 182764979 ____C ( ) C:\Users\M1\Downloads\PatrimoniumInstaller.exe 2014-02-16 12:13 - 2014-02-16 12:13 - 00216998 ____C () C:\Users\M1\Downloads\simutrans-online-install1122.exe 2014-02-16 12:10 - 2014-02-16 12:10 - 00813169 ____C () C:\Users\M1\Downloads\blobby.zip 2014-02-16 12:08 - 2014-02-16 12:07 - 28215140 ____C () C:\Users\M1\Downloads\Freeciv-2.4.2-win32-gtk2-setup.exe 2014-02-16 12:04 - 2014-02-16 12:04 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_stranded2_setup_de.exe 2014-02-16 11:59 - 2014-02-16 11:59 - 00710848 ____C ( ) C:\Users\M1\Downloads\COMPUTER_BILD-Download-Manager_fuer_emotiondx.exe 2014-02-16 11:58 - 2014-02-16 11:56 - 37739520 ____C () C:\Users\M1\Downloads\freecol-0.10.7-installer.exe 2014-02-16 11:56 - 2014-02-16 11:55 - 18256260 ____C () C:\Users\M1\Downloads\gbrainy-206.exe 2014-02-16 11:55 - 2014-02-16 11:54 - 08843012 ____C (Duong Khang NGUYEN ) C:\Users\M1\Downloads\opencity-0.0.6.2stable-i586-setup.exe 2014-02-16 10:47 - 2012-05-07 21:36 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service 2014-02-15 11:59 - 2006-11-02 11:33 - 01541688 ____C () C:\Windows\system32\PerfStringBackup.INI 2014-02-15 11:40 - 2014-02-15 11:40 - 00000000 
___DC () C:\Program Files\Mozilla Firefox 2014-02-14 03:20 - 2008-06-13 05:07 - 00000000 ___DC () C:\ProgramData\Microsoft Help 2014-02-14 03:12 - 2013-07-13 23:23 - 00000000 ___DC () C:\Windows\system32\MRT 2014-02-14 03:09 - 2006-11-02 11:24 - 85946576 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-14 03:04 - 2006-11-02 11:23 - 00000240 ____C () C:\Windows\win.ini 2014-02-12 22:18 - 2014-02-12 22:18 - 04721920 ____C (Piriform Ltd) C:\Users\M1\Downloads\ccsetup410.exe 2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\ProgramData\Oracle 2014-02-09 14:24 - 2014-02-09 14:24 - 00000000 ___DC () C:\Program Files\Common Files\Java 2014-02-09 14:23 - 2014-02-09 14:23 - 00264616 ____C (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00175016 ____C (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00174504 ____C (Oracle Corporation) C:\Windows\system32\java.exe 2014-02-09 14:23 - 2014-02-09 14:23 - 00094632 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-02-09 14:23 - 2014-02-09 14:23 - 00000000 ___DC () C:\Program Files\Java 2014-02-09 14:21 - 2013-09-19 12:48 - 00000859 ____C () C:\Users\Public\Desktop\VLC media player.lnk 2014-02-09 14:19 - 2014-02-09 14:18 - 29141928 ____C (Oracle Corporation) C:\Users\M1\Downloads\jre-7u51-windows-i586.exe 2014-02-09 14:17 - 2014-02-09 14:16 - 24677393 ____C () C:\Users\M1\Downloads\vlc-2.1.3-win32.exe 2014-02-09 14:14 - 2014-02-09 14:14 - 01138397 ____C () C:\Users\M1\Downloads\7z922.exe 2014-02-08 13:56 - 2014-02-08 13:56 - 00001873 ____C () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-02-08 13:56 - 2014-02-08 13:56 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\AVAST Software 2014-02-08 13:55 - 2014-02-08 13:55 - 00775952 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00410784 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00270240 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-08 13:55 - 2014-02-08 13:55 - 00180248 ____C () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00067824 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00057672 ____C (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00054832 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00049944 ____C () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-08 13:55 - 2014-02-08 13:55 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr 2014-02-08 13:54 - 2014-02-08 13:54 - 00000000 ___DC () C:\Program Files\AVAST Software 2014-02-08 13:52 - 2014-02-08 13:52 - 00000000 ___DC () C:\ProgramData\AVAST Software 2014-02-08 13:48 - 2009-02-21 17:09 - 00003207 ____C () C:\Windows\system32\sdkinst.log 2014-02-08 13:45 - 2013-09-24 18:22 - 00000000 ___DC () C:\ProgramData\Avira 2014-02-08 11:57 - 2014-02-08 11:53 - 90578216 ____C (AVAST Software) C:\Users\M1\Downloads\avast_free_antivirus_setup.exe 2014-02-07 18:21 - 2014-02-07 18:21 - 00227096 ____C () C:\Users\M1\Downloads\avira_registry_cleaner_de.exe 2014-02-07 18:13 - 2008-12-18 18:44 - 00043520 ____C () C:\Users\M1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-05 09:58 - 2014-02-14 03:02 - 12345344 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 09:56 - 2014-02-14 03:02 - 01806848 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 09:53 - 2014-02-14 03:02 - 
09739264 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 09:51 - 2014-02-14 03:02 - 01105408 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 09:50 - 2014-02-14 03:02 - 01129472 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 09:49 - 2014-02-14 03:02 - 01427968 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 09:49 - 2014-02-14 03:02 - 00231936 ____C (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 09:48 - 2014-02-14 03:02 - 01796096 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 09:48 - 2014-02-14 03:02 - 00717824 ____C (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 09:48 - 2014-02-14 03:02 - 00421376 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 09:48 - 2014-02-14 03:02 - 00142848 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 09:48 - 2014-02-14 03:02 - 00065536 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 09:47 - 2014-02-14 03:02 - 02382848 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 09:47 - 2014-02-14 03:02 - 00607744 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 09:47 - 2014-02-14 03:02 - 00073216 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 09:46 - 2014-02-14 03:02 - 00176640 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-02 19:05 - 2012-06-28 22:10 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\vlc 2014-02-01 17:35 - 2008-06-13 04:38 - 00000000 ___DC () C:\ProgramData\WildTangent 2014-02-01 17:30 - 2014-02-01 15:47 - 00002134 ____C () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2014-02-01 15:48 - 2014-02-01 15:48 - 00000000 ___DC () C:\ProgramData\BlueStacks 2014-02-01 15:48 - 2008-12-18 18:14 - 00000000 ___DC () C:\Users\M1\AppData\Roaming\WildTangent 2014-02-01 15:48 - 2008-06-13 04:38 - 00000000 ___DC () 
C:\Program Files\HP Games
2014-02-01 15:47 - 2014-02-01 15:47 - 00000000 ___DC () C:\Program Files\WildTangent Games

Files to move or delete:
====================
C:\ProgramData\ezsid.dat

Some content of TEMP:
====================
C:\Users\M1\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-25 14:30

==================== End Of Log ============================
--- --- ---

and FRST addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2014
Ran by M1 at 2014-02-25 14:40:34
Running from C:\Users\M1\Desktop
Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Ashampoo Burning Studio 2009 Advanced (HKLM\...\Ashampoo Burning Studio 2009 Advanced_is1) (Version: 9.0.0 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
avast!
Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software) BIAS SoundSoap PE 2.1 (HKLM\...\{42442CA9-90E6-4011-BB55-7C263F6D5EC1}) (Version: 2.1.1 - BIAS Inc) BIAS SoundSoap PE 2.1.1 (HKLM\...\{8709C596-C0B4-415D-9281-AC846B39EA76}) (Version: 2.1.1 - BIAS Inc) Catalyst Control Center - Branding (HKLM\...\{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}) (Version: 1.00.0000 - ATI) Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization French (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization German (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248 - 
ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248 - ATI) Hidden CCC Help Chinese Standard (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Chinese Traditional (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Czech (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Danish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Dutch (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help English (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Finnish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help French (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help German (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Greek (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Hungarian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Italian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Japanese (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Korean (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Norwegian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Polish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Portuguese (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Russian (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Spanish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Swedish (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help 
Thai (Version: 2008.0508.2150.37248 - ATI) Hidden CCC Help Turkish (Version: 2008.0508.2150.37248 - ATI) Hidden ccc-core-static (Version: 2008.0508.2151.37248 - Ihr Firmenname) Hidden ccc-utility (Version: 2008.0508.2151.37248 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform) Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft) Freeciv 2.4.2 (GTK+2 client) (HKLM\...\Freeciv-2.4.2-gtk2) (Version: - ) gbrainy 2.06 (HKLM\...\gbrainy) (Version: 2.06 - ) HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard) HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard) HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{794EB9A9-BB26-4FA5-AC2C-E3AE166C7427}) (Version: 26.0.784.0 - Hewlett-Packard Co.) 
HP Officejet 4620 series Hilfe (HKLM\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard) HP Quick Launch Buttons 6.40 D3 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D3 - Hewlett-Packard) HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard) HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) HP User Guides 0103 (HKLM\...\{B8169E45-8E23-430B-91D1-EC64540C8ED0}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.) LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.) 
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe) lightshot-5.0.0.2 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.0.0.2 - Skillbrains) Malwarebytes Anti-Malware Version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft PhotoDraw 2000 V2 (HKLM\...\{3C5EA394-1031-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1429 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM\...\{90F1DDBF-0C56-44B0-A920-72CC90C51565}) (Version: 8.0.0.0000 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent) Office-Web Center (HKLM\...\{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}) (Version: 1.00.4 Build 050111 - Office-Web) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.6 - Frank Heindörfer, Philip Chinery) PDFCreator Toolbar (HKLM\...\PDFCreator Toolbar) (Version: 3.3.0.1 - ) Pinnacle Instant DVD Recorder 
(HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - ) Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.) PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.) PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version: - ) proDAD Vitascene 1.0 (HKLM\...\proDAD-Vitascene-1.0) (Version: - ) ProtectSmart Hard Drive Protection (HKLM\...\{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}) (Version: 3.10 A7 - Hewlett-Packard) QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia) Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Setup-Start von Microsoft Works Suite 2006 (HKLM\...\Works2006Setup) (Version: - ) Skins (Version: 2008.0508.2151.37248 - ATI) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Stranded II 1.0.0.1 (HKLM\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software) Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems) Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden Studio 11 Bonus DVD (HKLM\...\{45A1BF92-700A-4408-B95E-79F462E3D67D}) (Version: 11.0.0.0 - Pinnacle Systems) Studio Ultimate (HKLM\...\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}) (Version: 11.00.0013 - Pinnacle Systems) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition 
(HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
(HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Update Installer for WildTangent Games App (Version: - WildTangent) Hidden Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 5.0.9 - Shark007) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WildTangent Games App für HP (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation) 
WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Works Update (Version: 8.0.0.0000 - Microsoft Corporation) Hidden XMedia Recode 2.1.0.3 (HKLM\...\XMedia Recode) (Version: 2.1.0.3 - Sebastian Dörfler) Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version: - Zylom Games) ==================== Restore Points ========================= 14-02-2014 10:46:17 Windows Update 15-02-2014 10:10:37 Windows Update 15-02-2014 10:57:43 Windows Update 16-02-2014 17:29:41 Removed Registry Dr 22-02-2014 10:42:18 Windows Update 23-02-2014 00:00:03 Geplanter Prüfpunkt 23-02-2014 19:18:32 Geplanter Prüfpunkt 25-02-2014 10:34:46 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0149A0CF-8754-43D9-848C-2BCE22B76D38} - System32\Tasks\{1FC2BF8D-82CB-4F18-95A8-FB3741E57E3E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {28837A50-62C5-4A23-83F5-487ABB265E2F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {47471E57-194C-496C-826D-9F8BD99B13D7} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] () 
Task: {4BAAFEFA-0211-48DC-A883-D936ADF852BA} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION Task: {8B4D6D63-AB81-47F1-AB3B-99918A51D529} - System32\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] () Task: {8E2E5D3C-7381-4AE7-AF60-DA9E4AA574BD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {AF767A8A-5CB1-4D8C-BC78-4B68DE5F44CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-08] (AVAST Software) Task: {B06CB7B9-FBE2-45BA-988D-D72C20F3EA97} - System32\Tasks\bench-Updater removing Task: {D349089A-6B81-43AD-A342-C15DE3467A4B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F919EDEE-73EE-46CE-9532-0642C5592D01} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\bench-Updater removing.job => ? 
Task: C:\Windows\Tasks\update-S-1-5-21-3630145962-1711427128-1675247868-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-25 11:09 - 2014-02-24 19:47 - 02181632 ____C () C:\Program Files\AVAST Software\Avast\defs\14022401\algo.dll 2009-01-18 15:46 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00292248 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-06-13 04:12 - 2008-05-14 21:56 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00038184 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00116112 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 2008-06-13 05:32 - 2008-03-26 14:26 - 00341328 _____ () C:\Windows\SMINST\BLService.exe 2008-06-13 05:32 - 2006-09-13 12:54 - 00081920 _____ () C:\Windows\SMINST\STString.dll 2008-06-13 05:32 - 2007-11-14 14:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll 2008-06-13 05:23 - 2007-01-09 10:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2008-05-08 23:14 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2008-12-18 16:52 - 2005-04-25 18:51 - 00233472 _____ () C:\Program Files\Office-Web\Office-Web Center\Panel.exe 2008-12-18 16:52 - 2005-04-25 18:53 - 01089536 _____ () C:\Windows\system32\XWheel.dll 2014-02-08 13:55 - 2014-02-08 13:55 - 19336120 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-06-13 04:12 - 2008-05-14 21:56 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll 2008-06-13 04:25 - 2008-04-11 08:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2008-02-27 13:48 - 2008-02-27 13:48 - 00016384 ____R () C:\Program 
Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2009-02-21 18:08 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-25 14:40:28.146 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:27.491 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:26.867 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:26.228 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-25 14:40:25.588 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:24.948 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:24.309 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:23.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:05.168 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-25 14:40:04.512 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 3068.9 MB
Available physical RAM: 1975.94 MB
Total Pagefile: 6360.31 MB
Available Pagefile: 5325.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.48 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.24 GB) (Free:52.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7129B57F)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks for the quick help so far!! Regards, rairai |
25.02.2014, 15:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast finds several viruses Win:32NextLife-B and other Win:32... Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: please remember to update Malwarebytes Anti-Malware via the update button first! Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
25.02.2014, 17:37 | #9 |
| Avast finds several viruses Win:32NextLife-B and other Win:32... Hello Cosinus, unfortunately it doesn't look so good. MBAM found quite a few things; in the screenshot there are more entries than in the log file. Here is the file Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.25.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
M1 :: M1-PC [Administrator]
25.02.2014 17:11:33
MBAM-log-2014-02-25 (17-25-34).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217270
Laufzeit: 10 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5682CA62-1A80-40AE-82A0-B67833CE75FF} (PUP.Optional.SavingsWizard.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39B931CF-F1E2-4D04-8129-9EE8159A91C5} (PUP.Optional.SavingsWizard.A) -> Keine Aktion durchgeführt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Users\M1\AppData\Roaming\awesomehp (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Roaming\awesomehp\log (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 10
C:\Users\M1\AppData\Roaming\awesomehp\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Local\Temp\fullpackage_temp1392571039\package1.zip (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Local\Temp\fullpackage_temp1392571039\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Local\Temp\fullpackage_temp1392571039\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Roaming\awesomehp\67.json (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Roaming\awesomehp\awesomehp.exe (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Roaming\awesomehp\DataBase (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Users\M1\AppData\Roaming\awesomehp\log\awesomehp.LOG (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\bench-Updater removing.job (PUP.Optional.BenchUpdater.A) -> Keine Aktion durchgeführt.
(Ende)
I'll do ESET next. Regards, rairai |
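As an added example that is not part of the thread, a Python parser for the MBAM 1.x log format posted above: it groups findings by detection family, lists what was left in place ("Keine Aktion durchgeführt"), and compares each section's declared count with the lines actually present, which catches a truncated paste like the one the poster describes. The sample log is constructed from lines of the post; the quarantine action string on its last entry is an assumption.

```python
"""Parse a Malwarebytes Anti-Malware 1.x log and summarise what was found
and whether it was actually removed."""
import re
from collections import Counter

# Constructed sample built from the log lines in the post above; the
# "Erfolgreich ..." action text on the last entry is assumed, and the file
# section deliberately declares 10 entries while only 2 are present.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
Art des Suchlaufs: Quick-Scan
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5682CA62-1A80-40AE-82A0-B67833CE75FF} (PUP.Optional.SavingsWizard.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39B931CF-F1E2-4D04-8129-9EE8159A91C5} (PUP.Optional.SavingsWizard.A) -> Keine Aktion durchgeführt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\M1\AppData\Roaming\Mozilla\Firefox\Profiles\j6dqox3l.default\extensions\lightningnewtab@gmail.com.xpi -> Keine Aktion durchgeführt.
Infizierte Dateien: 10
C:\Users\M1\AppData\Roaming\awesomehp\awesomehp.exe (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\bench-Updater removing.job (PUP.Optional.BenchUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# Section header such as "Infizierte Dateien: 10"; the trailing
# "(Keine bösartigen Objekte gefunden)" on empty sections is ignored.
SECTION_RE = re.compile(r"^(?P<name>Infizierte [^:]+): (?P<count>\d+)")

# Finding line: "<item> (<detection>) -> [Daten: <data> -> ]<action>."
FINDING_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[A-Za-z0-9._-]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

NOT_REMOVED = "Keine Aktion durchgeführt"


def parse_mbam_log(text):
    """Return (findings, declared): a list of finding dicts and a map of
    section name -> count that the log header claims for that section."""
    findings, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append({"section": section, "item": m["item"],
                             "detection": m["detection"], "data": m["data"],
                             "action": m["action"]})
    return findings, declared


def summarise(findings, declared):
    """Per-family counts, items still in place, and sections whose declared
    count differs from the parsed lines (a truncated or edited paste)."""
    families = Counter(f["detection"] for f in findings)
    pending = [f["item"] for f in findings if f["action"] == NOT_REMOVED]
    seen = Counter(f["section"] for f in findings)
    mismatched = {s: (n, seen.get(s, 0)) for s, n in declared.items()
                  if n != seen.get(s, 0)}
    return {"families": families, "pending": pending, "mismatched": mismatched}


if __name__ == "__main__":
    report = summarise(*parse_mbam_log(SAMPLE_LOG))
    for family, n in report["families"].most_common():
        print(f"{n:3d}  {family}")
    print(f"{len(report['pending'])} item(s) not removed")
    for section, (declared_n, seen_n) in report["mismatched"].items():
        print(f"WARNING: {section} declares {declared_n}, log shows {seen_n}")
```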
25.02.2014, 21:32 | #10 |
| Avast finds several viruses Win:32NextLife-B and other Win:32... I removed the MBAM findings after the scan; the ESET log file then found nothing more: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dd402f4de068f5468170dbb87862bf14
# engine=17223
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-25 08:09:05
# local_time=2014-02-25 09:09:05 (+0100, Mitteleuropäische Zeit )
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 71 76 1494789 1498409 0 0
# compatibility_mode=5892 16776573 100 100 36420 230891673 0 0
# scanned=249711
# found=0
# cleaned=0
# scan_time=10637
rairai |
26.02.2014, 01:21 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast finds several viruses Win:32NextLife-B and other Win:32... Those are only leftovers. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\M1\AppData\Roaming\awesomehp
C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml
C:\Windows\Tasks\bench-Updater removing.job
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
26.02.2014, 11:39 | #12 |
| Avast finds several viruses Win:32NextLife-B and other Win:32... Hello Cosinus, here is the Fixlog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-02-2014
Ran by M1 at 2014-02-26 11:36:17 Run:1
Running from C:\Users\M1\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\M1\AppData\Roaming\awesomehp
C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml
C:\Windows\Tasks\bench-Updater removing.job
*****************
C:\Users\M1\AppData\Roaming\awesomehp => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml => Moved successfully.
C:\Windows\Tasks\bench-Updater removing.job => Moved successfully.
==== End of Fixlog ====
rairai |
26.02.2014, 14:05 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast finds several viruses Win:32NextLife-B and other Win:32... TFC - Temp File Cleaner. Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. If you can live with logging in again everywhere in each browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there other findings or problems?
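As an added example that is not part of the thread, a Python check for the kind of hosts file Cosinus recommends: it separates the stock loopback entries (as in the FRST "Hosts content" section above), MVPS-style sinkhole entries, and redirects of ordinary names to routable addresses, which is what a hosts-file hijack looks like. The sample hosts content and the host names in it are constructed.

```python
"""Classify the entries of a Windows hosts file: the loopback defaults,
MVPS-style blocklist entries, and redirects that should never be there."""
import ipaddress

# Constructed sample: the Vista defaults seen in the FRST log, two block
# entries in MVPS style, and one redirect of a non-local name to a routable
# (documentation-range) address, the shape a hosts-file hijack takes.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example         # MVPS-style block entry
0.0.0.0 tracker.example
198.51.100.7    www.example-bank.test
"""

# Names a stock hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (address, hostname) pairs, ignoring comments and blank lines.
    One line may carry several hostnames; each becomes its own pair."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue            # malformed line: column 1 is not an IP
        for name in fields[1:]:
            pairs.append((addr, name.lower()))
    return pairs


def classify(pairs):
    """Sort entries into three buckets.

    default  : loopback/unspecified address for a local name (stock file)
    blocked  : loopback/unspecified address for any other name (sinkhole)
    redirect : any other address; the name is pointed at a real host
    """
    buckets = {"default": [], "blocked": [], "redirect": []}
    for addr, name in pairs:
        sinkhole = addr.is_loopback or addr.is_unspecified
        if sinkhole and name in LOCAL_NAMES:
            buckets["default"].append(name)
        elif sinkhole:
            buckets["blocked"].append(name)
        else:
            buckets["redirect"].append((str(addr), name))
    return buckets


def hosts_report(text):
    """Parse and classify a hosts file's text in one call."""
    return classify(parse_hosts(text))


if __name__ == "__main__":
    report = hosts_report(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} name(s) sinkholed, "
          f"{len(report['redirect'])} suspicious redirect(s)")
    for addr, name in report["redirect"]:
        print(f"  CHECK: {name} -> {addr}")
```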
26.02.2014, 14:56 | #14 |
| Avast finds several viruses Win:32NextLife-B and other Win:32... Hello Cosinus, first of all many thanks for your good and quick help! At startup the 2 messages still appear: 1. "Aufgabenplanungsmodul wurde beendet und geschlossen" (the Task Scheduler engine has stopped and was closed) and 2. - Load DLL - "Hook Load failed". How do I fix this? Otherwise it looks good and there are no further problems. THANKS, I will gladly look at the help you suggested. Regards, rairai |
26.02.2014, 15:36 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast finds several viruses Win:32NextLife-B and other Win:32... Fresh FRST logs please