Log analysis and evaluation: Windows 7: Trojan Proxy Server 127.0.0.1 Port: 8877

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps to Getting Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.03.2014, 11:30 | #1
Windows 7: Trojan Proxy Server 127.0.0.1 Port: 8877

Hello everyone,

first of all: we are a small institute with 3 employees and have no IT department of our own that could deal with my problem, so we have to do this ourselves. I hope that is OK? A donation would go without saying...

The problem is as follows: a proxy server keeps being entered automatically on my machine: 127.0.0.1 Port: 8877

When I go to "Configure proxy server" and look under "LAN settings", the checkbox "Use a proxy server for your LAN..." is always set automatically. Even if I clear the checkbox, it sets itself again a short time later.

From my research I have concluded that this is probably a trojan. I have run quite a few virus scanners etc. and they always diligently found something, but my problem has not been solved. Unfortunately I do not have the logs, because I uninstalled all the virus scanners and malware programs again. It seems rather to be a problem that becomes active before the computer has finished booting, but that is where my knowledge ends.

I hope I have followed your instructions correctly. Here is the FRST.txt:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by user (administrator) on PC-VOSS on 24-03-2014 10:46:03 Running from D:\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Doctor Web, Ltd.) C:\Program Files (x86)\DrWeb\dwservice.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Doctor Web, Ltd.) 
C:\Program Files (x86)\DrWeb\spideragent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Doctor Web, Ltd.) C:\Program Files (x86)\DrWeb\dwnetfilter.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-20] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft) HKLM\...\Run: [FileOpenBroker] - C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.) HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" HKLM\...\Run: [SpIDerAgent] - C:\Program Files (x86)\DrWeb\spideragent.exe [7540480 2014-03-21] (Doctor Web, Ltd.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-23] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) 
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-20] (Tlapia) HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.) HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\MountPoints2: {4556785e-62ff-11e3-9383-f80f415765c1} - G:\SecureDrive.exe HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\MountPoints2: {46a26236-406b-11e3-ba37-f80f415765c1} - "J:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\MountPoints2: {84c0b8c1-e92b-11e2-b682-f80f415765c1} - G:\LaunchU3.exe -a Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\user\AppData\Roaming\Windows Net Data\net.exe (No File) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEBF65258922CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1378116617937&tguid=66920-6787-1378116617937-C18D5CADCF58B2F000912DA27989B932 SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1378116617937&tguid=66920-6787-1378116617937-C18D5CADCF58B2F000912DA27989B932&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1378116617937&tguid=66920-6787-1378116617937-C18D5CADCF58B2F000912DA27989B932&q={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1378116617937&tguid=66920-6787-1378116617937-C18D5CADCF58B2F000912DA27989B932&q={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File BHO: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default FF user.js: detected! 
=> C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (GMX MailCheck) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-02-28] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (HTML5 Video für YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei [2014-02-28] CHR Extension: (Drucken) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2013-09-24] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (YouTube Unblocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-10-18] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: 
[fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-06-26] ==================== Services (Whitelisted) ================= S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC) R2 DrWebAVService; C:\Program Files (x86)\DrWeb\dwservice.exe [2977536 2014-03-21] (Doctor Web, Ltd.) R3 DrWebEngine; C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [1913680 2014-03-21] (Doctor Web, Ltd.) R3 DrWebNetFilter; C:\Program Files (x86)\DrWeb\dwnetfilter.exe [3184992 2014-03-21] (Doctor Web, Ltd.) R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-20] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-20] (Tlapia) S2 0257671347983765mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\025767~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X] S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== R1 DrWebWfp; C:\Windows\System32\drivers\dw_wfp.sys [72448 2014-03-21] (Doctor Web, Ltd.) R0 DwProt; C:\Windows\System32\drivers\dwprot.sys [226560 2014-03-21] (Doctor Web, Ltd.) 
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC) R0 SpiderG3; C:\Windows\System32\drivers\spiderg3.sys [223960 2014-03-21] (Doctor Web, Ltd.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] S0 mfewfpk; system32\drivers\mfewfpk.sys [X] S3 PCDSRVC{1AD96DDB-27B07940-06020200}_0; \??\c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms [X] S3 wanatw; system32\DRIVERS\wanatw64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 08:53 - 2014-03-24 08:53 - 00002026 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-21 11:20 - 2014-03-21 11:22 - 00000314 _____ () C:\Windows\Tasks\Dr.Web Daily scan.job 2014-03-21 11:20 - 2014-03-21 11:20 - 00002994 _____ () C:\Windows\System32\Tasks\Dr.Web Daily scan 2014-03-21 11:20 - 2014-03-21 11:20 - 00000977 _____ () C:\Users\Public\Desktop\Dr.Web Scanner.lnk 2014-03-21 11:18 - 2014-03-24 08:29 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 11:16 - 2014-03-21 11:16 - 00226560 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dwprot.sys 2014-03-21 11:16 - 2014-03-21 11:16 - 00223960 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\spiderg3.sys 2014-03-21 11:16 - 2014-03-21 11:16 - 00072448 _____ (Doctor Web, Ltd.) 
C:\Windows\system32\Drivers\dw_wfp.sys 2014-03-21 11:15 - 2014-03-21 13:26 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-21 11:15 - 2014-03-21 11:16 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-21 11:15 - 2014-03-21 11:15 - 00000000 ____D () C:\Program Files\Common Files\Doctor Web 2014-03-21 11:10 - 2014-03-21 11:10 - 00255200 _____ () C:\ProgramData\1395396586.bdinstall.bin 2014-03-21 09:44 - 2014-03-21 11:20 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-21 09:26 - 2014-03-21 09:35 - 207636488 _____ (Doctor Web, Ltd.) C:\Users\user\Desktop\drweb-700-win-space.exe 2014-03-21 09:26 - 2014-03-21 09:34 - 145210256 _____ () C:\Users\user\Desktop\cureit.exe 2014-03-20 14:15 - 2014-03-20 14:15 - 00868808 _____ () C:\ProgramData\1395316499.bdinstall.bin 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:14 - 2014-03-20 14:15 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 14:14 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-03-20 14:13 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:13 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2014-03-20 12:55 - 2014-03-21 11:12 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-20 12:55 - 2014-03-21 11:10 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-20 12:55 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 12:55 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll 2014-03-20 12:55 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) 
C:\Windows\system32\BDSandBoxUH.dll 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:51 - 2014-03-21 11:10 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-19 16:22 - 2014-03-19 16:22 - 00000085 _____ () C:\Windows\wininit.ini 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-19 10:25 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-19 10:25 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-19 10:25 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-19 10:25 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 
2014-03-19 10:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-19 10:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-19 10:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-19 10:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-19 10:25 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-19 10:25 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-19 10:25 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-19 10:25 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-19 10:25 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 
2014-03-19 10:25 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-19 10:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-19 10:25 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-19 10:25 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-19 10:25 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-19 10:25 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-19 10:25 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-19 10:25 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-19 10:25 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 
01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-19 09:32 - 2014-03-19 10:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 09:32 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-19 09:02 - 2014-03-19 10:13 - 00000000 ____D () C:\AdwCleaner 2014-03-19 08:58 - 2014-03-24 10:46 - 00000000 ____D () C:\FRST 2014-02-28 15:53 - 2014-03-03 18:03 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iTunes 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-24 13:04 - 2014-02-28 10:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-24 11:37 - 2014-02-24 11:37 - 00008422 _____ () C:\Users\user\AppData\Local\recently-used.xbel ==================== One Month Modified Files and Folders ======= 2014-03-24 10:46 - 2014-03-19 08:58 - 00000000 ____D () C:\FRST 2014-03-24 10:45 - 2013-08-12 13:00 - 00000000 ____D () 
C:\Users\user\AppData\Roaming\Skype 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 10:27 - 2013-06-26 15:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-24 10:13 - 2012-09-18 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-24 10:12 - 2013-07-09 07:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla 2014-03-24 10:04 - 2013-10-24 12:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\.purple 2014-03-24 10:03 - 2013-01-22 11:10 - 01070634 _____ () C:\Windows\WindowsUpdate.log 2014-03-24 10:03 - 2009-07-14 05:51 - 00125889 _____ () C:\Windows\setupact.log 2014-03-24 09:27 - 2013-06-26 15:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-24 08:53 - 2014-03-24 08:53 - 00002026 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-24 08:53 - 2013-07-09 07:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-24 08:39 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-24 08:39 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-24 08:36 - 2013-01-22 20:04 - 00699386 _____ () C:\Windows\system32\perfh007.dat 2014-03-24 08:36 - 2013-01-22 20:04 - 00149526 _____ () C:\Windows\system32\perfc007.dat 2014-03-24 08:36 - 2009-07-14 06:13 - 01620488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-24 08:31 - 2010-11-21 04:47 - 00340164 _____ () C:\Windows\PFRO.log 2014-03-24 08:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-24 08:29 - 2014-03-21 11:18 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 13:26 - 2014-03-21 11:15 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-21 13:22 - 2013-09-02 12:46 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-21 12:06 - 
2014-02-18 10:56 - 00000000 ____D () C:\Program Files\Java 2014-03-21 12:06 - 2013-07-17 13:21 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-21 11:22 - 2014-03-21 11:20 - 00000314 _____ () C:\Windows\Tasks\Dr.Web Daily scan.job 2014-03-21 11:20 - 2014-03-21 11:20 - 00002994 _____ () C:\Windows\System32\Tasks\Dr.Web Daily scan 2014-03-21 11:20 - 2014-03-21 11:20 - 00000977 _____ () C:\Users\Public\Desktop\Dr.Web Scanner.lnk 2014-03-21 11:20 - 2014-03-21 09:44 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-21 11:20 - 2013-09-02 12:48 - 00001648 _____ () C:\Windows\Sandboxie.ini 2014-03-21 11:16 - 2014-03-21 11:16 - 00226560 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dwprot.sys 2014-03-21 11:16 - 2014-03-21 11:16 - 00223960 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\spiderg3.sys 2014-03-21 11:16 - 2014-03-21 11:16 - 00072448 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dw_wfp.sys 2014-03-21 11:16 - 2014-03-21 11:15 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-21 11:15 - 2014-03-21 11:15 - 00000000 ____D () C:\Program Files\Common Files\Doctor Web 2014-03-21 11:12 - 2014-03-20 12:55 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-21 11:10 - 2014-03-21 11:10 - 00255200 _____ () C:\ProgramData\1395396586.bdinstall.bin 2014-03-21 11:10 - 2014-03-20 12:55 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-21 09:35 - 2014-03-21 09:26 - 207636488 _____ (Doctor Web, Ltd.) 
C:\Users\user\Desktop\drweb-700-win-space.exe 2014-03-21 09:34 - 2014-03-21 09:26 - 145210256 _____ () C:\Users\user\Desktop\cureit.exe 2014-03-20 19:13 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-03-20 19:09 - 2013-09-02 11:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\Windows Net Data 2014-03-20 15:38 - 2013-07-09 15:31 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe 2014-03-20 14:16 - 2014-03-20 14:13 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:16 - 2014-03-20 12:55 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 14:15 - 2014-03-20 14:15 - 00868808 _____ () C:\ProgramData\1395316499.bdinstall.bin 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:14 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:52 - 2013-07-09 08:07 - 00000000 ____D () C:\ProgramData\Avira 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-20 08:31 - 2009-07-14 05:45 - 00344312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 17:50 - 2013-06-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 
2014-03-19 16:22 - 2014-03-19 16:22 - 00000085 _____ () C:\Windows\wininit.ini 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 16:21 - 2013-08-26 15:40 - 00000000 ____D () C:\Users\user\Desktop\Privat 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 13:41 - 2013-06-26 15:36 - 00000296 _____ () C:\Windows\Tasks\Synology Data Replicator 3-user-PC1-user.job 2014-03-19 13:41 - 2013-06-26 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:20 - 2013-08-14 16:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 10:18 - 2013-07-15 07:32 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-19 10:14 - 2013-07-09 12:43 - 00000000 ____D () C:\Users\Peer 2014-03-19 10:14 - 2013-06-25 10:16 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-19 10:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-03-19 10:13 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 10:13 - 2014-03-19 09:02 - 00000000 ____D () C:\AdwCleaner 2014-03-19 10:13 - 2014-01-08 11:06 - 00000000 ____D () C:\ProgramData\Viewpoint 2014-03-19 10:13 - 2014-01-08 11:06 - 00000000 ____D () C:\Program Files (x86)\Viewpoint 2014-03-19 10:13 - 2013-09-02 12:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Tlapia 2014-03-19 10:13 - 2013-06-26 15:20 - 00000000 __RHD () C:\MSOCache 2014-03-19 10:13 - 2009-07-14 04:20 - 
00000000 ____D () C:\Windows\registration 2014-03-19 09:32 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-12 12:27 - 2012-09-18 16:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 12:27 - 2012-09-18 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 12:27 - 2012-09-18 16:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 14:11 - 2013-07-23 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\SuperMailer 2014-03-03 18:03 - 2014-02-28 15:53 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-01 07:05 - 2014-03-19 10:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-19 10:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-19 10:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-19 10:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-19 10:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-19 10:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-19 10:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-19 10:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-19 10:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-19 10:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-19 
10:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-19 10:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-19 10:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-19 10:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-19 10:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-19 10:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-19 10:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-19 10:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-19 10:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-19 10:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-19 10:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-19 10:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-19 10:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-19 10:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-19 10:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-19 
10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-19 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-19 10:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-19 10:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-19 10:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-19 10:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-19 10:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-19 10:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-19 10:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iTunes 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-28 12:32 - 2013-08-19 07:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-02-28 11:53 - 2013-06-25 10:17 - 00086552 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-28 11:52 - 2014-02-14 13:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-28 11:52 - 2014-02-14 12:22 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-28 11:52 - 2013-10-24 12:36 - 00000000 ____D () C:\Users\user\AppData\Local\gtk-2.0 2014-02-28 
11:52 - 2013-07-15 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\PersBackup5
2014-02-28 11:52 - 2013-07-09 13:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-02-28 11:52 - 2013-06-26 15:21 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-28 11:51 - 2013-07-09 13:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-02-28 10:35 - 2012-09-18 16:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-28 10:32 - 2014-02-24 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex
2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-24 11:43 - 2013-09-11 09:20 - 00000000 ____D () C:\Users\user\.gimp-2.8
2014-02-24 11:37 - 2014-02-24 11:37 - 00008422 _____ () C:\Users\user\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\user\RevMan_5_2_7_update_windows_java6.exe

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-21 18:47

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by user at 2014-03-24 10:46:23
Running from D:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Doctor Web Anti-Virus (Enabled - Up to date) {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
AS: Doctor Web Anti-Virus (Enabled - Up to date) {13A08056-4630-4D73-AD50-7760EEADD551}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
Hidden AMD Catalyst Install Manager (HKLM\...\{D386AA62-CC9D-213D-BCD3-1FF53F7B8BAC}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.70223.0019 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.0223.107.1652 - Ihr Firmenname) Hidden Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-9840CDW (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Catalyst Control Center InstallProxy (x32 Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Finnish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) 
Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Dr.Web Security Space 7.0 (HKLM-x32\...\{1D3EC754-CBE5-4495-808B-43C461A4A3A8}) (Version: 7.0.2.02040 - Doctor Web, Ltd.) EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden FileOpen Client B928 (HKLM\...\FileOpenClient_is1) (Version: B928 - FileOpen Systems, Inc.) 
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) 
(0x80042308) Error: (03/21/2014 01:11:15 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 11:58:49 AM) (Source: Application Hang)(User: ) Description: iexplore.exe11.0.9600.16521d8801cf44f429d6a0aa62C:\Program Files\Internet Explorer\iexplore.exec301976a-b0e7-11e3-a364-f80f415765c1 Error: (03/21/2014 11:22:30 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 11:13:52 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 11:08:24 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 09:45:52 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/21/2014 08:35:09 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 11731.65 MB Available physical RAM: 9773.46 MB Total Pagefile: 23461.48 MB Available Pagefile: 20315.93 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:146.73 GB) (Free:64.32 GB) NTFS 
Drive d: (Volume) (Fixed) (Total:764.17 GB) (Free:747.97 GB) NTFS Drive z: (Shared) (Network) (Total:913.94 GB) (Free:566.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8BEBDBAB) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Not Active) - (Size=21 GB) - (Type=27) Partition 3: (Active) - (Size=100 MB) - (Type=42) Partition 4: (Not Active) - (Size=147 GB) - (Type=42) ==================== End Of Log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 10:36 on 24/03/2014 (user) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-03-24 11:12:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a ST1000DM rev.CC44 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\user\AppData\Local\Temp\fxtdapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f7000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800031f7042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\DrWeb\spideragent.exe[2812] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075568769 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pidgin\pidgin.exe[3424] C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 10 000000006ebd1ce2 4 bytes [40, 90, AC, 68] .text C:\Program Files (x86)\Pidgin\pidgin.exe[3424] C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 160 000000006ebd1d78 4 bytes [40, 90, AC, 68] .text C:\Program Files (x86)\DrWeb\SpiderAgent_Adm.exe[6676] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075568769 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\DrWeb\spideragent.exe[5028] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075568769 5 bytes [33, C0, C2, 04, 00] ---- EOF - GMER 2.1 ----
Is anything still missing? Many thanks for the help and best regards, Peer |
24.03.2014, 12:02 | #2 |
/// the machine /// TB trainer | Windows 7: Trojan proxy server 127.0.0.1 port: 8877 hi,
__________________Scan with ComboFix
__________________ |
24.03.2014, 12:38 | #3 |
| Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Hi,
__________________and here we go: Code:
ATTFilter ComboFix 14-03-24.01 - user 24.03.2014 12:17:28.1.4 - x64 ausgeführt von:: c:\users\user\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1395316499.bdinstall.bin c:\programdata\1395396586.bdinstall.bin c:\windows\wininit.ini c:\windows\XSxS . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_vpnagent . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-24 bis 2014-03-24 )))))))))))))))))))))))))))))) . . 2014-03-21 10:18 . 2014-03-24 07:29 -------- d-sh--w- C:\DrWeb Quarantine 2014-03-21 10:15 . 2014-03-24 11:12 -------- d-----w- c:\programdata\Doctor Web 2014-03-21 10:15 . 2014-03-24 11:12 -------- d-----w- c:\program files (x86)\DrWeb 2014-03-21 08:44 . 2014-03-21 10:20 -------- d-----w- c:\users\user\Doctor Web 2014-03-20 13:14 . 2009-07-14 23:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2014-03-20 13:14 . 2014-03-20 13:15 -------- d-----w- c:\programdata\BDLogging 2014-03-20 13:13 . 2014-03-20 13:16 74512 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll 2014-03-20 13:13 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll 2014-03-20 11:55 . 2014-03-21 10:10 -------- d-----w- c:\programdata\Bitdefender 2014-03-20 11:55 . 2014-03-20 13:16 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll 2014-03-20 11:55 . 2013-11-04 14:47 84848 ----a-w- c:\windows\system32\BDSandBoxUISkin.dll 2014-03-20 11:55 . 2013-11-04 14:46 34384 ----a-w- c:\windows\system32\BDSandBoxUH.dll 2014-03-20 11:55 . 2014-03-21 10:12 -------- d-----w- c:\program files\Bitdefender 2014-03-20 11:54 . 2014-03-20 11:54 -------- d-----w- c:\users\user\AppData\Roaming\QuickScan 2014-03-20 11:51 . 2014-03-21 10:10 -------- d-----w- c:\program files\Common Files\Bitdefender 2014-03-20 11:51 . 
2014-03-20 11:51 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender 2014-03-19 12:47 . 2014-03-20 07:31 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2014-03-19 12:47 . 2014-03-19 15:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-03-19 12:47 . 2014-03-20 07:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-03-19 11:30 . 2014-03-19 11:30 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2014-03-19 10:28 . 2014-03-19 10:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2014-03-19 09:22 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-19 09:22 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-19 09:22 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-19 09:22 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-19 08:32 . 2014-03-19 08:32 -------- d-----w- c:\programdata\Malwarebytes 2014-03-19 08:32 . 2014-03-19 09:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-03-19 08:27 . 2014-03-19 08:27 -------- d-----w- c:\windows\ERUNT 2014-03-19 08:02 . 2014-03-19 09:13 -------- d-----w- C:\AdwCleaner 2014-03-19 07:58 . 2014-03-24 09:46 -------- d-----w- C:\FRST 2014-02-28 14:52 . 2014-02-28 14:52 -------- d-----w- c:\windows\Migration 2014-02-28 11:37 . 2014-02-28 11:37 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 11:37 . 2014-02-28 11:37 -------- d-----w- c:\program files\iTunes 2014-02-28 11:37 . 2014-02-28 11:37 -------- d-----w- c:\program files (x86)\iTunes 2014-02-28 11:37 . 2014-02-28 11:37 -------- d-----w- c:\program files\iPod 2014-02-28 11:32 . 2014-02-28 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2014-02-28 11:32 . 2014-02-28 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2014-02-28 11:32 . 
2014-02-28 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2014-02-28 11:32 . 2014-02-28 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2014-02-28 11:32 . 2014-02-28 11:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2014-02-27 09:44 . 2014-02-27 09:44 -------- d-----w- c:\users\user\AppData\Roaming\PDAppFlex 2014-02-27 09:44 . 2014-02-27 09:44 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2014-02-24 12:04 . 2014-02-28 09:32 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-19 09:18 . 2013-07-15 06:32 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-03-12 11:27 . 2012-09-18 15:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 11:27 . 2012-09-18 15:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-02-18 09:56 . 2014-02-18 09:56 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-02-18 09:56 . 2014-02-18 09:56 312744 ----a-w- c:\windows\system32\javaws.exe 2014-02-18 09:56 . 2014-02-18 09:56 189352 ----a-w- c:\windows\system32\javaw.exe 2014-02-18 09:56 . 2014-02-18 09:56 189352 ----a-w- c:\windows\system32\java.exe 2014-01-17 15:24 . 2014-01-17 15:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2014-01-17 15:24 . 2014-01-17 15:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2014-01-08 11:15 . 2014-01-08 11:23 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2013-12-24 23:09 . 2014-02-12 14:18 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48 . 2014-02-12 14:18 2565120 ----a-w- c:\windows\system32\d3d10warp.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 759384] "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-15 859976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-23 630912] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2012-02-07 636520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "sysTPL"="c:\program files (x86)\sysTPL\sysTPL.exe" [2014-03-20 1244440] "EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys] @="Driver" . R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] R2 0257671347983765mcinstcleanup;McAfee Application Installer Cleanup (0257671347983765);c:\users\ADMINI~1\AppData\Local\Temp\025767~1.EXE;c:\users\ADMINI~1\AppData\Local\Temp\025767~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x] R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x] R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 
epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 PCDSRVC{1AD96DDB-27B07940-06020200}_0;PCDSRVC{1AD96DDB-27B07940-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 
mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 FileOpenManager;FileOpen Manager;c:\program files\FileOpen\Services\FileOpenManager64.exe;c:\program files\FileOpen\Services\FileOpenManager64.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 sysTPLMonitor.exe;sysTPLMonitor;c:\program files (x86)\sysTPL\sysTPLMonitor.exe;c:\program files (x86)\sysTPL\sysTPLMonitor.exe [x] S2 sysTPLService.exe;sysTPLService;c:\program files (x86)\sysTPL\sysTPLService.exe;c:\program files (x86)\sysTPL\sysTPLService.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x] S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - FileOpenWebPublisherScreenHookDriver . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-19 14:34 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 11:27] . 2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 14:21] . 2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 14:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-20 13374568] "OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856] "FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2013-03-26 1589104] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyServer = http=127.0.0.1:8877 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe Wow6432Node-HKU-Default-Run-Bitdefender-Geldbörse-Anwendungs-Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1AD96DDB-27B07940-06020200}_0] "ImagePath"="\??\c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-03-24 12:36:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-03-24 11:36 . 
Vor Suchlauf: 11 Verzeichnis(se), 69.975.511.040 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 70.388.936.704 Bytes frei . - - End Of File - - 32581ADB6DFD7391A8534F2E6A771348 A36C5E4F47E84449FF07ED3517B43A31 |
25.03.2014, 09:59 | #4 |
/// the machine /// TB trainer | Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
25.03.2014, 14:06 | #5 |
| Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Hi, here is the Malwarebytes Anti-Malware log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 25.03.2014 Scan Time: 11:04:09 Logfile: Administrator: Yes Version: 2.00.0.1000 Malware Database: v2014.03.25.02 Rootkit Database: v2014.03.18.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: user Scan Type: Threat Scan Result: Completed Objects Scanned: 299096 Time Elapsed: 9 min, 24 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
Here is the AdwCleaner log: AdwCleaner Logfile: Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 19/03/2014 um 09:04:35
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : user - PC-VOSS
# Gestartet von : D:\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\users\user\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\users\user\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\users\user\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\users\user\AppData\Roaming\Tlapia
Ordner Gelöscht : C:\users\user\AppData\Roaming\Windows Net Data
Datei Gelöscht : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default\user.js
Datei Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default\prefs.js ]
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
[ Datei : C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************
AdwCleaner[R0].txt - [8493 octets] - [19/03/2014 09:02:50]
AdwCleaner[S0].txt - [5676 octets] - [19/03/2014 09:04:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5736 octets] ##########

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 25/03/2014 um 11:24:06
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : user - PC-VOSS
# Gestartet von : D:\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\users\user\AppData\Roaming\Tlapia
Ordner Gelöscht : C:\users\user\AppData\Roaming\Windows Net Data
Datei Gelöscht : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default\user.js

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\MetaStream

***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v27.0.1 (de)
[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default\prefs.js ]
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Peer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [14142 octets] - [19/03/2014 09:02:50]
AdwCleaner[S0].txt - [9678 octets] - [19/03/2014 09:04:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9738 octets] ##########

And here is the log from Junkware Removal Tool:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by user on 25.03.2014 at 11:33:14,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\dz2302to.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2014 at 11:41:12,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'm really curious to see what comes of this. Many thanks in advance for the quick help!!! And here is the fresh FRST.txt log as well:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by user (administrator) on PC-VOSS on 25-03-2014 14:05:47 Running from D:\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-20] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft) HKLM\...\Run: [FileOpenBroker] - C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.) HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-23] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) 
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-20] (Tlapia) HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEBF65258922CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File BHO: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (GMX MailCheck) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-02-28] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (HTML5 Video für YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei [2014-02-28] CHR Extension: (Drucken) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2013-09-24] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (YouTube Unblocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-10-18] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: 
[fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-06-26] ==================== Services (Whitelisted) ================= S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC) R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-20] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-20] (Tlapia) S2 0257671347983765mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\025767~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X] S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; 
C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] S0 mfewfpk; system32\drivers\mfewfpk.sys [X] S3 PCDSRVC{1AD96DDB-27B07940-06020200}_0; \??\c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms [X] S3 wanatw; system32\DRIVERS\wanatw64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-25 10:49 - 2014-03-25 11:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 10:48 - 2014-03-25 10:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-25 10:48 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-25 10:48 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-25 10:48 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-24 12:37 - 2014-03-24 12:37 - 00023377 _____ () C:\ComboFix.txt 2014-03-24 12:16 - 2014-03-24 12:37 - 00000000 ____D () C:\Qoobox 2014-03-24 12:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-24 12:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-24 12:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00098816 
_____ () C:\Windows\sed.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-24 12:15 - 2014-03-24 12:34 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 08:53 - 2014-03-24 08:53 - 00002026 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-21 11:18 - 2014-03-24 08:29 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 11:15 - 2014-03-24 12:12 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-21 11:15 - 2014-03-24 12:12 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-21 09:44 - 2014-03-21 11:20 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:14 - 2014-03-20 14:15 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 14:14 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-03-20 14:13 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:13 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2014-03-20 12:55 - 2014-03-21 11:12 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-20 12:55 - 2014-03-21 11:10 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-20 12:55 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 12:55 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll 2014-03-20 12:55 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll 2014-03-20 
12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:51 - 2014-03-21 11:10 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-19 10:25 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-19 10:25 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-19 10:25 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-19 10:25 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-19 10:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-19 10:25 - 
2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-19 10:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-19 10:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-19 10:25 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-19 10:25 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-19 10:25 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-19 10:25 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-19 10:25 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-19 10:25 
- 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-19 10:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-19 10:25 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-19 10:25 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-19 10:25 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-19 10:25 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-19 10:25 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-19 10:25 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-19 10:25 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 00624128 _____ 
(Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-19 09:32 - 2014-03-25 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-19 09:32 - 2014-03-19 10:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-19 09:02 - 2014-03-25 11:24 - 00000000 ____D () C:\AdwCleaner 2014-03-19 08:58 - 2014-03-25 14:05 - 00000000 ____D () C:\FRST 2014-02-28 15:53 - 2014-03-03 18:03 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iTunes 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-24 13:04 - 2014-02-28 10:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-24 11:37 - 2014-02-24 11:37 - 00008422 _____ () C:\Users\user\AppData\Local\recently-used.xbel ==================== One Month Modified Files and Folders ======= 2014-03-25 14:05 - 2014-03-19 08:58 - 00000000 ____D () C:\FRST 2014-03-25 14:03 - 2013-09-02 12:46 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-25 14:03 - 2013-08-12 13:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-03-25 13:51 - 2013-10-24 12:20 - 
00000000 ____D () C:\Users\user\AppData\Roaming\.purple 2014-03-25 13:51 - 2013-06-26 15:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-25 13:51 - 2012-09-18 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-25 13:51 - 2009-07-14 05:51 - 00126785 _____ () C:\Windows\setupact.log 2014-03-25 11:32 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-25 11:32 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-25 11:29 - 2013-01-22 20:04 - 00699386 _____ () C:\Windows\system32\perfh007.dat 2014-03-25 11:29 - 2013-01-22 20:04 - 00149526 _____ () C:\Windows\system32\perfc007.dat 2014-03-25 11:29 - 2009-07-14 06:13 - 01620488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-25 11:28 - 2013-01-22 11:10 - 01121850 _____ () C:\Windows\WindowsUpdate.log 2014-03-25 11:26 - 2014-03-25 10:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 11:25 - 2013-06-26 15:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-25 11:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-25 11:24 - 2014-03-19 09:02 - 00000000 ____D () C:\AdwCleaner 2014-03-25 11:24 - 2013-06-25 10:16 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-25 10:49 - 2013-09-02 12:48 - 00001696 _____ () C:\Windows\Sandboxie.ini 2014-03-25 10:48 - 2014-03-25 10:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-25 10:48 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-24 15:22 - 2013-07-09 07:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla 2014-03-24 12:37 - 2014-03-24 12:37 - 00023377 _____ () C:\ComboFix.txt 2014-03-24 12:37 - 2014-03-24 
12:16 - 00000000 ____D () C:\Qoobox 2014-03-24 12:37 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-03-24 12:34 - 2014-03-24 12:15 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 12:27 - 2010-11-21 04:47 - 00344238 _____ () C:\Windows\PFRO.log 2014-03-24 12:27 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-24 12:26 - 2009-07-14 03:34 - 79167488 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-03-24 12:12 - 2014-03-21 11:15 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-24 12:12 - 2014-03-21 11:15 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 08:53 - 2014-03-24 08:53 - 00002026 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-24 08:53 - 2013-07-09 07:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-24 08:29 - 2014-03-21 11:18 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 12:06 - 2014-02-18 10:56 - 00000000 ____D () C:\Program Files\Java 2014-03-21 12:06 - 2013-07-17 13:21 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-21 11:20 - 2014-03-21 09:44 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-21 11:12 - 2014-03-20 12:55 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:55 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-20 19:13 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-03-20 15:38 - 2013-07-09 15:31 - 00000000 ____D 
() C:\Users\user\AppData\Local\Adobe 2014-03-20 14:16 - 2014-03-20 14:13 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:16 - 2014-03-20 12:55 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:14 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:52 - 2013-07-09 08:07 - 00000000 ____D () C:\ProgramData\Avira 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-20 08:31 - 2009-07-14 05:45 - 00344312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 17:50 - 2013-06-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 16:21 - 2013-08-26 15:40 - 00000000 ____D () C:\Users\user\Desktop\Privat 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 
13:41 - 2013-06-26 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:20 - 2013-08-14 16:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 10:18 - 2013-07-15 07:32 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-19 10:14 - 2013-07-09 12:43 - 00000000 ____D () C:\Users\Peer 2014-03-19 10:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-03-19 10:13 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 10:13 - 2013-06-26 15:20 - 00000000 ___RD () C:\MSOCache 2014-03-19 10:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-12 12:27 - 2012-09-18 16:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 12:27 - 2012-09-18 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 12:27 - 2012-09-18 16:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 14:11 - 2013-07-23 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\SuperMailer 2014-03-05 09:26 - 2014-03-25 10:48 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-25 10:48 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-25 10:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-03 18:03 - 2014-02-28 15:53 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-01 07:05 - 2014-03-19 10:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 
2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-19 10:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-19 10:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-19 10:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-19 10:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-19 10:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-19 10:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-19 10:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-19 10:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-19 10:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-19 10:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-19 10:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-19 10:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-19 10:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-19 10:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-19 10:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-19 10:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 
04:51 - 2014-03-19 10:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-19 10:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-19 10:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-19 10:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-19 10:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-19 10:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-19 10:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-19 10:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-19 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-19 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-19 10:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-19 10:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-19 10:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-19 10:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-19 10:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-19 10:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-19 10:25 
- 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iTunes 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-28 12:32 - 2013-08-19 07:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-02-28 11:53 - 2013-06-25 10:17 - 00086552 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-28 11:52 - 2014-02-14 13:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-28 11:52 - 2014-02-14 12:22 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-28 11:52 - 2013-10-24 12:36 - 00000000 ____D () C:\Users\user\AppData\Local\gtk-2.0 2014-02-28 11:52 - 2013-07-15 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\PersBackup5 2014-02-28 11:52 - 2013-07-09 13:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView 2014-02-28 11:52 - 2013-06-26 15:21 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help 2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\system32\Macromed 2014-02-28 11:51 - 2013-07-09 13:52 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe 2014-02-28 10:35 - 2012-09-18 16:48 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-28 10:32 - 2014-02-24 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-27 10:44 - 2014-02-27 
10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex
2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-24 11:43 - 2013-09-11 09:20 - 00000000 ____D () C:\Users\user\.gimp-2.8
2014-02-24 11:37 - 2014-02-24 11:37 - 00008422 _____ () C:\Users\user\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\user\RevMan_5_2_7_update_windows_java6.exe

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-21 18:47

==================== End Of Log ============================
26.03.2014, 11:10 | #6 |
/// the machine /// TB trainer | Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document: Code:
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
26.03.2014, 13:43 | #7 |
| Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Hi, so here first is the Fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by user at 2014-03-26 11:34:10 Run:2
Running from D:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e844b86aca2a0e4fa9612d50205f4230
# engine=17627
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-26 12:26:40
# local_time=2014-03-26 01:26:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4607 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 92450 147466650 0 0
# scanned=170258
# found=0
# cleaned=0
# scan_time=6438
Code:
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Mozilla Thunderbird (24.4.0)
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by user (administrator) on PC-VOSS on 26-03-2014 13:40:48
Running from D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-20] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [FileOpenBroker] - C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-20] (Tlapia)
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEBF65258922CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dz2302to.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (GMX MailCheck) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-02-28] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (HTML5 Video für YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei [2014-02-28] CHR Extension: (Drucken) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2013-09-24] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (YouTube Unblocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-10-18] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: 
[fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-06-26] ==================== Services (Whitelisted) ================= S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC) R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-20] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-20] (Tlapia) S2 0257671347983765mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\025767~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X] S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) 
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] S0 mfewfpk; system32\drivers\mfewfpk.sys [X] S3 PCDSRVC{1AD96DDB-27B07940-06020200}_0; \??\c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms [X] S3 wanatw; system32\DRIVERS\wanatw64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-25 10:49 - 2014-03-26 09:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-24 12:37 - 2014-03-24 12:37 - 00023377 _____ () C:\ComboFix.txt 2014-03-24 12:16 - 2014-03-24 12:37 - 00000000 ____D () C:\Qoobox 2014-03-24 12:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-24 12:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-24 12:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-24 12:15 - 2014-03-24 12:34 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 08:53 - 2014-03-24 08:53 - 00002026 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-21 11:18 - 2014-03-24 08:29 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 11:15 - 2014-03-24 12:12 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-21 11:15 - 2014-03-24 12:12 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-21 09:44 - 2014-03-21 11:20 - 00000000 ____D () 
C:\Users\user\Doctor Web 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:14 - 2014-03-20 14:15 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 14:14 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-03-20 14:13 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:13 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2014-03-20 12:55 - 2014-03-21 11:12 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-20 12:55 - 2014-03-21 11:10 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-20 12:55 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 12:55 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll 2014-03-20 12:55 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:51 - 2014-03-21 11:10 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () 
C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-19 10:25 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-19 10:25 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-19 10:25 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-19 10:25 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-19 10:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-19 10:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-19 10:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-19 10:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-19 10:25 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-19 10:25 - 2014-03-01 05:11 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-19 10:25 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-19 10:25 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-19 10:25 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-19 10:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-19 10:25 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-19 10:25 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-19 10:25 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-19 10:25 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-19 10:25 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-19 10:25 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-19 10:25 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-19 09:32 - 2014-03-25 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-19 09:32 - 2014-03-19 10:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-19 09:02 - 2014-03-25 11:24 - 00000000 ____D () C:\AdwCleaner 2014-03-19 08:58 - 2014-03-26 13:40 - 00000000 ____D () C:\FRST 2014-02-28 15:53 - 2014-03-03 18:03 - 
01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iTunes 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-24 13:04 - 2014-02-28 10:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-24 11:37 - 2014-02-24 11:37 - 00008422 _____ () C:\Users\user\AppData\Local\recently-used.xbel ==================== One Month Modified Files and Folders ======= 2014-03-26 13:40 - 2014-03-19 08:58 - 00000000 ____D () C:\FRST 2014-03-26 13:40 - 2013-10-24 12:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\.purple 2014-03-26 13:37 - 2013-06-26 15:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-26 13:37 - 2013-01-22 11:10 - 01140082 _____ () C:\Windows\WindowsUpdate.log 2014-03-26 13:37 - 2010-11-21 04:47 - 00345072 _____ () C:\Windows\PFRO.log 2014-03-26 13:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-26 13:37 - 2009-07-14 05:51 - 00127345 _____ () C:\Windows\setupact.log 2014-03-26 13:35 - 2013-08-12 13:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-03-26 13:27 - 2013-06-26 15:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-26 13:15 - 2012-09-18 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-26 11:36 - 2013-01-22 20:04 - 00699386 _____ () C:\Windows\system32\perfh007.dat 2014-03-26 11:36 - 
2013-01-22 20:04 - 00149526 _____ () C:\Windows\system32\perfc007.dat 2014-03-26 11:36 - 2009-07-14 06:13 - 01620488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-26 09:38 - 2013-09-02 12:46 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-26 09:17 - 2014-03-25 10:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-26 08:39 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-26 08:39 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-25 11:24 - 2014-03-19 09:02 - 00000000 ____D () C:\AdwCleaner 2014-03-25 11:24 - 2013-06-25 10:16 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-25 10:49 - 2013-09-02 12:48 - 00001696 _____ () C:\Windows\Sandboxie.ini 2014-03-25 10:48 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-24 15:22 - 2013-07-09 07:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla 2014-03-24 12:37 - 2014-03-24 12:37 - 00023377 _____ () C:\ComboFix.txt 2014-03-24 12:37 - 2014-03-24 12:16 - 00000000 ____D () C:\Qoobox 2014-03-24 12:37 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-03-24 12:34 - 2014-03-24 12:15 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 12:27 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-24 12:26 - 2009-07-14 03:34 - 79167488 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-03-24 
12:12 - 2014-03-21 11:15 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-24 12:12 - 2014-03-21 11:15 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 08:53 - 2014-03-24 08:53 - 00002026 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-24 08:53 - 2013-07-09 07:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-24 08:29 - 2014-03-21 11:18 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 12:06 - 2014-02-18 10:56 - 00000000 ____D () C:\Program Files\Java 2014-03-21 12:06 - 2013-07-17 13:21 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-21 11:20 - 2014-03-21 09:44 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-21 11:12 - 2014-03-20 12:55 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:55 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-20 19:13 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-03-20 15:38 - 2013-07-09 15:31 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe 2014-03-20 14:16 - 2014-03-20 14:13 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:16 - 2014-03-20 12:55 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:14 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () 
C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:52 - 2013-07-09 08:07 - 00000000 ____D () C:\ProgramData\Avira 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-20 08:31 - 2009-07-14 05:45 - 00344312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 17:50 - 2013-06-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 16:21 - 2013-08-26 15:40 - 00000000 ____D () C:\Users\user\Desktop\Privat 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 13:41 - 2013-06-26 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:20 - 2013-08-14 16:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 10:18 - 2013-07-15 07:32 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-19 10:14 - 2013-07-09 12:43 - 00000000 ____D () C:\Users\Peer 2014-03-19 10:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-03-19 10:13 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 10:13 - 2013-06-26 15:20 - 00000000 __RHD () C:\MSOCache 2014-03-19 
10:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-12 12:27 - 2012-09-18 16:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 12:27 - 2012-09-18 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 12:27 - 2012-09-18 16:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 14:11 - 2013-07-23 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\SuperMailer 2014-03-03 18:03 - 2014-02-28 15:53 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-01 07:05 - 2014-03-19 10:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-19 10:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-19 10:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-19 10:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-19 10:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-19 10:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-19 10:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-19 10:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-19 10:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-19 10:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-19 10:25 - 00708608 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-19 10:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-19 10:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-19 10:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-19 10:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-19 10:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-19 10:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-19 10:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-19 10:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-19 10:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-19 10:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-19 10:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-19 10:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-19 10:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-19 10:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-19 10:25 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-19 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-19 10:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-19 10:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-19 10:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-19 10:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-19 10:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-19 10:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-19 10:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iTunes 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 12:37 - 2014-02-28 12:37 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-02-28 12:32 - 2013-08-19 07:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-02-28 11:53 - 2013-06-25 10:17 - 00086552 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-28 11:52 - 2014-02-14 13:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-28 11:52 - 2014-02-14 12:22 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-28 11:52 - 2013-10-24 12:36 - 00000000 ____D () C:\Users\user\AppData\Local\gtk-2.0 2014-02-28 11:52 - 2013-07-15 10:20 - 00000000 ____D () 
C:\Users\user\AppData\Roaming\PersBackup5 2014-02-28 11:52 - 2013-07-09 13:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView 2014-02-28 11:52 - 2013-06-26 15:21 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help 2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\system32\Macromed 2014-02-28 11:51 - 2013-07-09 13:52 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe 2014-02-28 10:35 - 2012-09-18 16:48 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-28 10:32 - 2014-02-24 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-24 11:43 - 2013-09-11 09:20 - 00000000 ____D () C:\Users\user\.gimp-2.8 2014-02-24 11:37 - 2014-02-24 11:37 - 00008422 _____ () C:\Users\user\AppData\Local\recently-used.xbel Files to move or delete: ==================== C:\Users\user\RevMan_5_2_7_update_windows_java6.exe Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is 
legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-21 18:47 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- ---
and unfortunately the proxy server for LAN has entered itself again.... |
27.03.2014, 12:05 | #8 | |
/// the machine /// TB trainer | Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Quote:
After creating the fresh FRST log? Because it is no longer in the log. Please open FRST, tick the Addition box and scan, then please post both log files.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.03.2014, 12:12 | #9 |
| Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Here is the FRST log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by user (administrator) on PC-VOSS on 27-03-2014 12:11:27 Running from D:\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-20] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft) HKLM\...\Run: [FileOpenBroker] - C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.) 
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-23] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-07] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [sysTPL] - C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-20] (Tlapia) HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1815366113-400607504-2382787183-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEBF65258922CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File BHO: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File BHO-x32: No Name - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-03-27] ==================== Services (Whitelisted) ================= R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.) 
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-20] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-20] (Tlapia) S2 0257671347983765mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\025767~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X] S2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] S0 mfewfpk; system32\drivers\mfewfpk.sys [X] S3 PCDSRVC{1AD96DDB-27B07940-06020200}_0; \??\c:\users\administrator\appdata\local\temp\bjxq9ais9o1y\pcdrdiag\bin\pcdsrvc_x64.pkms [X] S3 wanatw; system32\DRIVERS\wanatw64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-27 11:34 - 2014-03-27 11:37 - 00000000 ____D () C:\Users\user\AppData\Roaming\Nico Mak Computing 2014-03-27 11:34 - 2014-03-27 11:34 - 04892480 _____ (WinZip International LLC ) C:\Users\user\Downloads\wzmp_8.exe 2014-03-27 10:51 - 2014-03-27 10:51 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-27 10:50 - 2014-03-27 11:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-27 10:50 - 2014-03-27 10:55 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-27 10:50 - 2014-03-27 10:50 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 10:50 - 2014-03-27 10:50 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-27 10:48 - 2014-03-27 10:48 - 00847848 _____ (Google Inc.) 
C:\Users\user\Downloads\ChromeSetup.exe 2014-03-26 14:31 - 2014-03-26 14:31 - 00003084 _____ () C:\Windows\System32\Tasks\{2F9C3887-4E14-4450-B224-3A6C91577824} 2014-03-26 14:31 - 2014-03-26 14:31 - 00000000 ____D () C:\Program Files (x86)\AppsPro 2014-03-25 10:49 - 2014-03-26 09:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-24 12:37 - 2014-03-24 12:37 - 00023377 _____ () C:\ComboFix.txt 2014-03-24 12:16 - 2014-03-24 12:37 - 00000000 ____D () C:\Qoobox 2014-03-24 12:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-24 12:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-24 12:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-24 12:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-24 12:15 - 2014-03-24 12:34 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-21 11:18 - 2014-03-24 08:29 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 11:15 - 2014-03-24 12:12 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-21 11:15 - 2014-03-24 12:12 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-21 09:44 - 2014-03-21 11:20 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:14 - 2014-03-20 14:15 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 14:14 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2014-03-20 14:13 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 14:13 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2014-03-20 12:55 - 2014-03-21 11:12 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-20 12:55 - 2014-03-21 11:10 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-20 12:55 - 2014-03-20 14:16 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 12:55 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll 2014-03-20 12:55 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:51 - 2014-03-21 11:10 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-19 13:47 - 2014-03-20 08:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 13:47 - 2014-03-19 16:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 10:25 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 
2014-03-19 10:25 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-19 10:25 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-19 10:25 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-19 10:25 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-19 10:25 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-19 10:25 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-19 10:25 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-19 10:25 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-19 10:25 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-19 10:25 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-19 10:25 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll 2014-03-19 10:25 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-19 10:25 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-19 10:25 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-19 10:25 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-19 10:25 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-19 10:25 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-19 10:25 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-19 10:25 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-19 10:25 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-19 10:25 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-19 10:25 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-19 10:25 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-19 10:25 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-19 10:25 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wininet.dll 2014-03-19 10:25 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-19 10:25 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-19 10:25 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-19 10:25 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-19 10:25 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-19 10:25 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-19 10:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-19 09:32 - 2014-03-25 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-19 09:32 - 2014-03-19 10:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-19 09:02 - 2014-03-25 11:24 - 00000000 ____D () C:\AdwCleaner 2014-03-19 08:58 - 2014-03-27 12:11 - 00000000 ____D () C:\FRST 2014-02-28 15:53 - 2014-03-03 18:03 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-28 12:37 - 2014-03-27 10:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe 2014-02-27 10:44 - 
2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex 2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe ==================== One Month Modified Files and Folders ======= 2014-03-27 12:11 - 2014-03-19 08:58 - 00000000 ____D () C:\FRST 2014-03-27 12:01 - 2013-08-12 13:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype 2014-03-27 11:55 - 2014-03-27 10:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-27 11:37 - 2014-03-27 11:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\Nico Mak Computing 2014-03-27 11:34 - 2014-03-27 11:34 - 04892480 _____ (WinZip International LLC ) C:\Users\user\Downloads\wzmp_8.exe 2014-03-27 11:33 - 2013-10-24 12:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\.purple 2014-03-27 11:13 - 2012-09-18 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-27 11:00 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-27 11:00 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-27 10:59 - 2013-01-22 20:04 - 00699386 _____ () C:\Windows\system32\perfh007.dat 2014-03-27 10:59 - 2013-01-22 20:04 - 00149526 _____ () C:\Windows\system32\perfc007.dat 2014-03-27 10:59 - 2009-07-14 06:13 - 01620488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-27 10:57 - 2013-09-02 12:46 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-03-27 10:56 - 2013-01-22 11:10 - 01212904 _____ () C:\Windows\WindowsUpdate.log 2014-03-27 10:55 - 2014-03-27 10:50 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-27 10:55 - 2013-06-26 15:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla 2014-03-27 10:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-27 10:53 - 2009-07-14 05:51 - 00128129 
_____ () C:\Windows\setupact.log 2014-03-27 10:52 - 2010-11-21 04:47 - 00346664 _____ () C:\Windows\PFRO.log 2014-03-27 10:51 - 2014-03-27 10:51 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-27 10:51 - 2013-06-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-27 10:50 - 2014-03-27 10:50 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 10:50 - 2014-03-27 10:50 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-27 10:48 - 2014-03-27 10:48 - 00847848 _____ (Google Inc.) C:\Users\user\Downloads\ChromeSetup.exe 2014-03-27 10:46 - 2013-06-26 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-27 10:37 - 2014-02-28 12:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-27 10:11 - 2013-01-22 11:28 - 00000032 _____ () C:\ProgramData\PS.log 2014-03-27 10:11 - 2012-09-18 16:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-27 10:11 - 2012-09-18 16:24 - 00000000 ____D () C:\Program Files (x86)\Acer 2014-03-27 10:10 - 2012-09-18 16:24 - 00000000 ____D () C:\Program Files\Acer 2014-03-27 10:06 - 2013-09-02 09:46 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-03-26 14:31 - 2014-03-26 14:31 - 00003084 _____ () C:\Windows\System32\Tasks\{2F9C3887-4E14-4450-B224-3A6C91577824} 2014-03-26 14:31 - 2014-03-26 14:31 - 00000000 ____D () C:\Program Files (x86)\AppsPro 2014-03-26 09:17 - 2014-03-25 10:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 11:24 - 2014-03-19 09:02 - 00000000 ____D () C:\AdwCleaner 2014-03-25 11:24 - 2013-06-25 10:16 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-25 10:49 - 2013-09-02 12:48 - 00001696 _____ () C:\Windows\Sandboxie.ini 2014-03-25 10:48 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-24 15:22 - 
2013-07-09 07:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\FileZilla 2014-03-24 12:37 - 2014-03-24 12:37 - 00023377 _____ () C:\ComboFix.txt 2014-03-24 12:37 - 2014-03-24 12:16 - 00000000 ____D () C:\Qoobox 2014-03-24 12:37 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-03-24 12:34 - 2014-03-24 12:15 - 00000000 ____D () C:\Windows\erdnt 2014-03-24 12:27 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-24 12:26 - 2009-07-14 03:34 - 79167488 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-03-24 12:26 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-03-24 12:12 - 2014-03-21 11:15 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-03-24 12:12 - 2014-03-21 11:15 - 00000000 ____D () C:\Program Files (x86)\DrWeb 2014-03-24 10:36 - 2014-03-24 10:36 - 00000000 _____ () C:\Users\user\defogger_reenable 2014-03-24 08:53 - 2013-07-09 07:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-24 08:29 - 2014-03-21 11:18 - 00000000 __SHD () C:\DrWeb Quarantine 2014-03-21 11:20 - 2014-03-21 09:44 - 00000000 ____D () C:\Users\user\Doctor Web 2014-03-21 11:12 - 2014-03-20 12:55 - 00000000 ____D () C:\Program Files\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:55 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-03-21 11:10 - 2014-03-20 12:51 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-03-20 19:13 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-03-20 15:38 - 2013-07-09 15:31 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe 2014-03-20 14:16 - 2014-03-20 14:13 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2014-03-20 
14:16 - 2014-03-20 12:55 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:15 - 00000385 _____ () C:\Users\user\AppData\Roaminguser_gensett.xml 2014-03-20 14:15 - 2014-03-20 14:14 - 00000000 ____D () C:\ProgramData\BDLogging 2014-03-20 14:14 - 2014-03-20 14:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-03-20 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-20 12:54 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan 2014-03-20 12:52 - 2013-07-09 08:07 - 00000000 ____D () C:\ProgramData\Avira 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-20 08:31 - 2014-03-19 13:47 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-20 08:31 - 2013-07-09 07:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-20 08:31 - 2009-07-14 05:45 - 00344312 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 17:50 - 2013-06-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\Users\user\Documents\Anti-Malware 2014-03-19 16:22 - 2014-03-19 13:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-03-19 16:21 - 2013-08-26 15:40 - 00000000 ____D () C:\Users\user\Desktop\Privat 2014-03-19 13:47 - 2014-03-19 13:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-19 13:46 - 2014-03-19 13:46 - 00000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache 2014-03-19 12:30 - 2014-03-19 12:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-03-19 11:28 - 2014-03-19 11:28 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Thunderbird 2014-03-19 10:20 - 2013-08-14 16:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 10:18 - 2013-07-15 07:32 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-19 10:14 - 2013-07-09 12:43 - 00000000 ____D () C:\Users\Peer 2014-03-19 10:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas 2014-03-19 10:13 - 2014-03-19 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-19 10:13 - 2013-06-26 15:20 - 00000000 __RHD () C:\MSOCache 2014-03-19 10:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-03-19 09:27 - 2014-03-19 09:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-12 12:27 - 2012-09-18 16:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 12:27 - 2012-09-18 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 12:27 - 2012-09-18 16:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 14:11 - 2013-07-23 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\SuperMailer 2014-03-03 18:03 - 2014-02-28 15:53 - 01593832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-01 07:05 - 2014-03-19 10:25 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-19 10:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-19 10:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-19 10:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-19 10:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-19 10:25 - 00053760 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-19 10:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-19 10:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-19 10:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-19 10:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-19 10:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-19 10:25 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-19 10:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-19 10:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-19 10:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-19 10:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-19 10:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-19 10:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-19 10:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-19 10:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-19 10:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-19 10:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-19 10:25 - 00440832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-19 10:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-19 10:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-19 10:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-19 10:25 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-19 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-19 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-19 10:25 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-19 10:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-19 10:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-19 10:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-19 10:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-19 10:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-19 10:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-19 10:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 12:32 - 2013-08-19 07:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-02-28 11:53 - 2013-06-25 10:17 - 00086552 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-28 11:52 - 2014-02-14 12:22 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-28 11:52 - 2013-10-24 12:36 - 00000000 ____D 
() C:\Users\user\AppData\Local\gtk-2.0
2014-02-28 11:52 - 2013-07-15 10:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\PersBackup5
2014-02-28 11:52 - 2013-07-09 13:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-02-28 11:52 - 2013-06-26 15:21 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-28 11:52 - 2012-09-18 16:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-28 11:51 - 2013-07-09 13:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-28 11:15 - 2014-02-28 11:15 - 01071000 _____ (Solid State Networks) C:\Users\user\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe
2014-02-28 10:35 - 2012-09-18 16:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-28 10:32 - 2014-02-24 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PDAppFlex
2014-02-27 10:44 - 2014-02-27 10:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

Files to move or delete:
====================
C:\Users\user\RevMan_5_2_7_update_windows_java6.exe

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BRSVC_92976_hlp.exe
C:\Users\user\AppData\Local\Temp\clearfiSetup.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-21 18:47

==================== End Of Log ============================

and here is the addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by user at 2014-03-27 12:11:45
Running from D:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{D386AA62-CC9D-213D-BCD3-1FF53F7B8BAC}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70223.0019 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0223.107.1652 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Brother MFL-Pro Suite MFC-9840CDW (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Catalyst Control Center InstallProxy (x32 Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Korean (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0223.0106.1652 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0223.107.1652 - Advanced Micro Devices, Inc.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden FileOpen Client B928 (HKLM\...\FileOpenClient_is1) (Version: B928 - FileOpen Systems, Inc.) 
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero Control Center 10 (x32 Version: 10.6.13200.0.12 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG) Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Update (x32 Version: 11.0.10022.15.0 - Nero AG) Hidden PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version: - VeryPDF.com Inc) PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. 
Rathlev) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.56.316.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) Review Manager 5.2.6 (HKLM-x32\...\0222-0618-0114-4896) (Version: 5.2.6 - The Nordic Cochrane Centre, Rigshospitalet) Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.) 
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SuperMailer 7.11 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 7.11 - Mirko Boeer Softwareentwicklungen) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden sysTPL (HKLM-x32\...\{59E3B807-2D5A-4AAE-A6C7-62F9A1615E84}) (Version: 1.0.0 - Tlapia) Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update 
for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) 
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows 
Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.20 
(64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version: - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

25-03-2014 07:33:44 Windows Update
27-03-2014 09:06:26 Removed Cisco AnyConnect Secure Mobility Client
27-03-2014 09:07:39 Removed Bonjour
27-03-2014 09:10:34 Konfiguriert clear.fi SDK - MVP
27-03-2014 09:11:34 Removed Java 7 Update 51
27-03-2014 09:11:59 Removed Java 7 Update 51 (64-bit)
27-03-2014 09:12:38 Entfernt MyWinLocker Suite
27-03-2014 09:17:04 Removed iTunes
27-03-2014 09:37:45 Removed PlayReady PC Runtime x86
27-03-2014 09:37:58 Removed PlayReady PC Runtime amd64

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-03-24 12:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {084DC814-72AB-45BF-ABF8-1BEA08CFEA16} - System32\Tasks\{11DB70DD-9907-4644-84A4-AB87C2FB3652} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {12519CD9-29A2-4AE2-9AE4-4A74913A0933} - System32\Tasks\{7DD5053C-2414-443B-B178-DED91B1ACC24} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {153C6A60-150E-47A2-8EFA-6FE750582906} - System32\Tasks\{12CB2061-F527-4187-BEC5-09FA85DB5B9A} => Chrome.exe hxxp://ui.skype.com/ui/0/4.2.0.187/de/go/help.faq.installer?LastError=1603
Task: {189D357B-A266-4182-9F5A-41FAFA2A32D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {1FD6A748-B2A0-4563-A86B-11B6AAE2E86C} - System32\Tasks\{9BFA2FDC-A1F6-45B3-B8C2-98A1DF085C26} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {260AB360-E929-4249-B2E2-04AEB4630FA2} - System32\Tasks\{FBAA3862-A672-405B-8E4F-88FD519EFAF3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {34803226-F4C8-402C-83E7-3190C7D4CE3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {3D2F6278-9C85-441E-91F3-2CEBCC4737F6} - System32\Tasks\{F37A84DD-E48C-4EAE-B793-806D522EE909} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {582A03C6-9B18-42A3-9266-3D4E348C5B38} - System32\Tasks\{D598A2A6-708B-49AB-ACCA-542375BAD6E8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {5DAC6992-43CE-4B01-99C9-F6A267B7A287} - System32\Tasks\{E89F9153-83AC-48D7-8595-590BB8882F68} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {62FF86FE-33AC-4637-AD5A-B56282721193} - System32\Tasks\{DB17BA99-2596-46E2-BE92-62FCB7F85ED7} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {652CB9E6-E14E-4D89-9562-553F1E3DD006} - System32\Tasks\{4D4DCA89-C2F5-455B-8403-AE5FC44DC5E2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {69497C6E-7B66-4160-9C24-F06ABD824156} - System32\Tasks\{CE2BFDEF-10DC-419E-A659-AB56A6ABFF7A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {6B87273D-193C-4451-890C-0B3EA8B2023E} - System32\Tasks\{69EB7934-A168-4869-8988-5231202BBA59} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {6FD856F5-E77C-4546-9E4C-E49E37277CAA} - System32\Tasks\{3EECE108-0841-46A3-ADCD-4F8632FDD8FB} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {741A846A-BA46-4E9F-98AF-85ED502D3A35} - System32\Tasks\{8292B859-F559-4E5C-A055-63E708863A65} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {7C653056-E3F6-434F-AA6B-DD10CD31A45D} - System32\Tasks\{8AF8B8F8-AA89-4E66-9F29-44ECE112006B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {7EBCCC57-89E5-45A1-8C6D-A2259B234B1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {89315E01-8CB7-40A7-8D3D-7AD20465C07B} - System32\Tasks\{E33956E6-69F4-40E8-B95C-4CA33C32BAE1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {9760257B-72B4-41D9-8669-C7D5AC263B5A} - System32\Tasks\{ACE3A342-BA13-4E92-B18A-EAD9B79175BE} => Chrome.exe hxxp://ui.skype.com/ui/0/4.2.0.187/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {9FF05709-D6C0-469B-8975-5B26442D49D9} - System32\Tasks\{AC4A36EA-9E43-4711-856C-5698AC9DB8C9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.)
Task: {A8D8E0DF-0536-4DED-819A-36D7BB124539} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {ACDC197C-0C02-4BE0-927E-D7221C57BC79} - System32\Tasks\{531F6726-F145-49C7-BAC8-5C60BA981A75} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: {B07767DC-88C1-4755-86A5-A1C5A1B1D22B} - System32\Tasks\{B9EC5CF5-9834-44EC-9A1D-EA3FC8AD33A9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: {C43EC51F-97B0-446C-9ABC-E737AEBFE220} - System32\Tasks\{5E3B5E45-E767-4F58-B0BF-43A0042A58F3} => Chrome.exe hxxp://ui.skype.com/ui/0/4.2.0.187/de/go/help.faq.installer?LastError=1603 Task: {E7637302-77C7-447F-8D5E-4118F4BC1437} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {E798CA12-83D8-4E02-A042-0A5944A4CA80} - System32\Tasks\{40AFB9C4-ACA7-4061-B19F-D7CE1B9909AD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: {ED983E02-B4B8-48EC-BCDC-22964CB6E652} - System32\Tasks\{761B746B-37D9-450C-B115-488201E9849E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: {F48D345D-938D-4BE6-BA61-65E0E93A98E9} - System32\Tasks\{BDA07002-8A6A-4046-8BA5-B18B092CE1BC} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: {F96B503B-FC45-4AFB-A117-CA44D97B1C41} - System32\Tasks\{AB4B1746-25BC-4750-A0C1-13D312123DD2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: {F97C37BD-B55C-4C86-B77C-28EBB87F8E92} - System32\Tasks\{5FD2C771-4A5C-43C0-822E-AD12E85D279E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) 
Task: {FF379477-40EA-4228-B4F4-09C4598D6506} - System32\Tasks\{88534142-E0B8-49BF-B52E-097B64AE0AD1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-01-14] (Skype Technologies S.A.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-07-09 14:31 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2012-02-07 03:17 - 2012-02-07 03:17 - 00636520 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 2012-02-23 01:59 - 2012-02-23 01:59 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-02-07 03:18 - 2012-02-07 03:18 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll 2013-07-09 14:31 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-03-19 11:28 - 2014-03-19 11:28 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-03-19 11:28 - 2014-03-19 11:28 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-03-19 11:28 - 2014-03-19 11:28 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-03-27 10:51 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-02-11 20:29 - 2014-02-11 20:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-03-27 10:51 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-27 10:51 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2013-02-13 05:44 - 2013-02-13 05:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll 2013-02-13 05:44 - 2013-02-13 05:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll 2013-02-13 05:44 - 2013-02-13 05:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00014147 _____ () 
C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00092874 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 02097721 
_____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll 2012-09-09 14:17 - 2012-09-09 14:17 - 00472576 _____ () C:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll 2013-02-13 05:45 - 
2013-02-13 05:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll 2013-02-13 05:45 - 2013-02-13 05:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll 2013-02-13 05:43 - 2013-02-13 05:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll 2013-02-13 05:44 - 2013-02-13 05:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll 2013-10-24 12:20 - 2013-10-24 12:20 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2014-03-27 10:51 - 2014-03-15 01:50 - 04061000 _____ () 
C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-27 10:51 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-27 10:51 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-03-27 10:51 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/27/2014 10:54:51 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:50:02 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (03/27/2014 10:48:27 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:40:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:17:36 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:07:26 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 09:06:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 990544 Error: (03/27/2014 09:06:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 990544 Error: (03/27/2014 09:06:23 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/27/2014 09:06:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 989468 System errors: ============= Error: (03/27/2014 10:53:23 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (03/27/2014 10:53:11 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee OOBE Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/27/2014 10:53:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet 
werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (03/27/2014 10:47:00 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (03/27/2014 10:46:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee OOBE Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/27/2014 10:46:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (03/27/2014 10:39:20 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Error: (03/27/2014 10:39:13 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee OOBE Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/27/2014 10:39:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\athExt.dll Fehlercode: 126 Error: (03/27/2014 10:16:12 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: mfewfpk Microsoft Office Sessions: ========================= Error: (03/27/2014 10:54:51 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:50:02 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\esetsmartinstaller_enu.exe Error: (03/27/2014 10:48:27 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:40:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:17:36 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 10:07:26 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2014 09:06:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 990544 Error: (03/27/2014 09:06:23 AM) (Source: Bonjour Service)(User: ) 
Description: Task Scheduling Error: m->NextScheduledEvent 990544 Error: (03/27/2014 09:06:23 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/27/2014 09:06:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 989468 CodeIntegrity Errors: =================================== Date: 2014-03-24 12:22:10.565 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-24 12:22:10.504 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 11731.65 MB Available physical RAM: 8951.23 MB Total Pagefile: 23461.48 MB Available Pagefile: 20102.33 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:146.73 GB) (Free:66 GB) NTFS Drive d: (Volume) (Fixed) (Total:764.17 GB) (Free:747.95 GB) NTFS Drive f: (STATISTIK) (Removable) (Total:1.86 GB) (Free:0.59 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8BEBDBAB) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Not Active) - (Size=21 GB) - (Type=27) Partition 3: (Active) - (Size=100 MB) - (Type=42) Partition 4: (Not Active) - (Size=147 GB) - (Type=42) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 67B829C8) Partition 1: (Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================
I always turn it off manually before I continue using the browser, since I don't know where it would redirect me. Right? Or am I seeing this wrong? Thanks for your help... |
28.03.2014, 08:57 | #10 |
/// the machine /// TB instructor | Windows 7: Trojan proxy server 127.0.0.1 port: 8877 hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.03.2014, 14:59 | #11 |
| Windows 7: Trojan proxy server 127.0.0.1 port: 8877 Here is the logfile from mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.03.28.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 user :: PC-VOSS [administrator] 28.03.2014 11:38:42 mbar-log-2014-03-28 (11-38-42).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 290189 Time elapsed: 8 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
Hello Schrauber, while looking through your threads I noticed that someone else also had a problem with YouTube no longer loading in the various browsers. I have the current versions of Internet Explorer, Firefox and Chrome, and when I want to watch a clip on YouTube, it loads for exactly 2 seconds and then the entire browser crashes. Uninstalling and reinstalling each of them did not help. Could that possibly be a clue? In case we don't hear from each other again, I wish you a nice weekend. Thanks for your help!
29.03.2014, 09:47 | #12 |
/// the machine /// TB trainer
Please uninstall the program sysTPL, remove the proxy, reboot. Does it stay away?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
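Added example, not part of the original thread: one way to script the check requested above (is the loopback proxy back after a reboot, and which process is listening on its port). The "Use a proxy server for your LAN" checkbox corresponds to `ProxyEnable` and `ProxyServer` under the current user's Internet Settings key. The function names are hypothetical, both command outputs are constructed samples, and PID 4242 is a placeholder.

```python
import re

# Constructed sample: output of
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8877
    ProxyOverride    REG_SZ    <local>
"""

# Constructed sample: excerpt of `netstat -ano` (addresses and PIDs are made up)
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:8877         0.0.0.0:0              LISTENING       4242
  TCP    192.168.1.20:49211     203.0.113.10:443       ESTABLISHED     3100
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|\[?::1\]?)$", re.I)


def parse_reg_values(text):
    """Return {value name: (type, data)} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s{4}(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3).strip())
    return values


def loopback_proxies(values):
    """List (scheme, host, port) proxy entries that point at this machine."""
    if int(values.get("ProxyEnable", ("", "0x0"))[1], 16) != 1:
        return []  # proxy checkbox is off, nothing is being redirected
    hits = []
    # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
    for part in values.get("ProxyServer", ("", ""))[1].split(";"):
        scheme, _, target = part.strip().rpartition("=")
        host, _, port = target.split("://")[-1].rpartition(":")
        if LOOPBACK.match(host) and port.isdigit():
            hits.append((scheme or "all", host, int(port)))
    return hits


def listeners(netstat_text, port):
    """PIDs of TCP listeners on `port`.

    A listening socket is recognised by its foreign address ending in ":0",
    not by the State column, because that column is localised (the machine
    in this thread runs a German Windows).
    """
    pids = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[2].endswith(":0"):
            if f[1].rpartition(":")[2] == str(port):
                pids.add(int(f[4]))
    return sorted(pids)


def audit(reg_text, netstat_text):
    """Pair every loopback proxy entry with the PIDs listening on its port."""
    return [(scheme, host, port, listeners(netstat_text, port))
            for scheme, host, port in loopback_proxies(parse_reg_values(reg_text))]


if __name__ == "__main__":
    for scheme, host, port, pids in audit(SAMPLE_REG, SAMPLE_NETSTAT):
        print(f"proxy[{scheme}] -> {host}:{port}, listening PIDs: {pids or 'none'}")
```

A PID reported here can be matched to an executable with `tasklist /FI "PID eq <pid>"`; an enabled loopback proxy with no listener explains browsers that cannot load any page.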
31.03.2014, 13:45 | #13 |
Hello Schrauber, I hope you had a nice weekend. Uninstalling this sysTPL has actually worked for now. What was or is that? And in which scan did you notice it? That's really crazy. Is it known what this "program" actually does? Do I need to worry about any passwords or the like? What would be an appropriate donation for you? Many thanks and best regards!
01.04.2014, 11:32 | #14 | |
/// the machine /// TB trainer
What exactly it is isn't quite clear yet. Unclear information on Google. Changing passwords is never a bad idea with something like this. Quote:
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. These harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
03.04.2014, 14:38 | #15 |
Hello Schrauber, I have been watching this for some time now and the proxy no longer switches itself on. So far so good. However, I can no longer watch YouTube videos. By now I have spent hours trying to uninstall and reinstall browsers, as well as to update, uninstall and reinstall Adobe Flash Player, Adobe Shockwave and Java. None of that helped at all. My browsers (Firefox and Chrome) simply crash. Does this have more to do with my system, or could it still be some kind of Trojan? Best regards!