Malware Antibytes - Funzte als Trial super, startet nun nicht mehr

almir_de · 09.06.2014, 20:54

Hi Leude !
Da mein PC extrem langsam wurde, als vor allem die Internet-Browser während dem Surfen und der Lüfter ständig lief als würde nonstop irgendwas im Hintergrund laufen, habe ich mir mal die trial von Malware Antibytes (2.0.2.1012) runtergeladen und installiert.Nach einem Scan entdeckte Malware-Antibytes wirklich einige Sachen, also etwa 8 infizierte Objekte und schaltete diese auch aus.Und siehe da, plötzlich war der Lüfter so gut wie gar nicht mehr zu hören, die Leistung war wenn ich nichts machte immer bei 0% und so sollte es auch sein, also alles war wieder in Ordnung und ich sehr zufrieden und entschloss mich auch die Vollversion zu kaufen, nachdem die Trial abgelaufen ist.
Da ich meinen Laptop nie ausschalte sondern immer nur zuklappe, also in Standby Modus versetze, hatte ich deshlab auch noch nie Probleme mit Malware Antibytes.Heute jedoch ging mir der Akku leer und das System fuhr herunter.Nach dem Anschließne des NEtzkabels und erneutem Hochfahren wollte Malware Antibytes nicht mehr starten.Windows bringt nur die Meldung, konnte nicht gestartet werden, Schließen oder nach Problem suchen, was bekannterweise ja meistens nicht weiterhilft.ALso hab ich Malware deinstalliert und den Malware Ordner gelöscht und als Administrator versucht Malware wieder neu zu installieren.
Das geht leider auch nur mit einem Haufen Fehlemeldungen von statten und wenn es dann mal fetig installiert ist, startet es genauso wenig wie vorher auch.DIe Fehlermeldung sind folgende :
Internet Fehler : Expression Error Runtime Error at 79:177, später 69:252
External Exception : E06D7363
Das ganze ploppt etwa 5-6 auf, ich klicke es weg und beende die Installation, aber das Programm startet später nicht.
Jetzt frage ich mich was da auf einmal los ist, denn vorher hat es ja 12 Tage lang problemlos funktioniert.Ist das ein Virus/Trojaner der die Installation und den Start blockiert ??
Mein System :
Dell XPS 17 L702X
Windows 7 Ultimate 74 Bit
8GB RAM
2 x 500 GB HDD

Könnt Ihr mir weiterhelfen ???
DANKE

Mfg
ALMIR

Hier noch ein Log von Hijackthis :
ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:32, on 09.06.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Users\almir\AppData\Local\Akamai\netsession_win.exe
C:\Users\almir\AppData\Roaming\InetStat\InetStat.exe
C:\Users\almir\AppData\Local\Akamai\netsession_win.exe
C:\Users\almir\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\almir\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=8008b00d00000000000014feb59d5174
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\S.A.D\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\S.A.D\PDF-XChange 4\PXCIEAddin4.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\almir\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [InetStat] C:\Users\almir\AppData\Roaming\InetStat\InetStat.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_A12E9FB9D03789297D3B82FC452AAE64] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Google Update] "C:\Users\almir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MusicManager] "C:\Users\almir\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - Global Startup: AkrutoSync.lnk = C:\Program Files\Akruto\AkrutoSync.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12011 bytes

schrauber · 10.06.2014, 06:48

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

almir_de · 10.06.2014, 11:16

Hier, bitteschön :

schrauber · 10.06.2014, 18:50

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

almir_de · 10.06.2014, 19:45

So aber jetzt :
FRST.txt
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by almir (administrator) on DELL-XPS17 on 10-06-2014 12:11:18
Running from C:\Users\almir\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\almir\AppData\Local\Akamai\netsession_win.exe
() C:\Users\almir\AppData\Roaming\InetStat\InetStat.exe
(Akamai Technologies, Inc.) C:\Users\almir\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\almir\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AppWork GmbH) C:\Users\almir\AppData\Local\JDownloader v2.0\JDownloader2.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\Run: [Akamai NetSession Interface] => C:\Users\almir\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\Run: [InetStat] => C:\Users\almir\AppData\Roaming\InetStat\InetStat.exe [506336 2014-05-17] ()
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\Run: [GoogleChromeAutoLaunch_A12E9FB9D03789297D3B82FC452AAE64] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\Run: [Google Update] => C:\Users\almir\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-07] (Google Inc.)
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\Run: [MusicManager] => C:\Users\almir\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\MountPoints2: {04bd4b30-ebf5-11e2-ade8-bc77370d7afe} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\MountPoints2: {04bd4b38-ebf5-11e2-ade8-bc77370d7afe} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\MountPoints2: {04bd4b48-ebf5-11e2-ade8-bc77370d7afe} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\MountPoints2: {58f39036-f00c-11e3-9d15-bc77370d7afe} - G:\AutoRun.exe
HKU\S-1-5-21-872936652-3082056053-4258201691-1000\...\MountPoints2: {d4c41cf5-c128-11e3-83d8-bc77370d7afe} - G:\AutoRun.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs:  c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AkrutoSync.lnk
ShortcutTarget: AkrutoSync.lnk -> C:\Program Files\Akruto\AkrutoSync.exe (Akruto)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=8008b00d00000000000014feb59d5174
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=92de0c7b-c235-4edd-b631-091ea4202e8b&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=92de0c7b-c235-4edd-b631-091ea4202e8b&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate={installDate}&type=hp1000
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=800814FEB59D5174&affID=121564&tsp=4950
SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {876F04C2-A62E-4559-A2F8-8933E588FA40} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=8008b00d00000000000014feb59d5174&r=999
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\S.A.D\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\S.A.D\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activation.acronis.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\S.A.D\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\S.A.D\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\S.A.D\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\almir\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\almir\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=8008b00d00000000000014feb59d5174
CHR StartupUrls: "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=8008b00d00000000000014feb59d5174"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-16]
CHR Extension: (Google Drive) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-16]
CHR Extension: (YouTube) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-16]
CHR Extension: (Google-Suche) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-16]
CHR Extension: (Google Wallet) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (YouTube Unblocker) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-06-26]
CHR Extension: (Google Mail) - C:\Users\almir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-16]

==================== Services (Whitelisted) =================

R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-05] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-05] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-16] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-05-12] (NVIDIA Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-06-16] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-06-16] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-06-16] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-06-16] (Acronis International GmbH)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-07-06] (CyberLink Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 12:11 - 2014-06-10 12:11 - 00018389 _____ () C:\Users\almir\Downloads\FRST.txt
2014-06-10 12:10 - 2014-06-10 12:11 - 00000000 ____D () C:\FRST
2014-06-10 12:09 - 2014-06-10 12:10 - 02080768 _____ (Farbar) C:\Users\almir\Downloads\FRST64.exe
2014-06-09 21:56 - 2014-06-09 22:08 - 00012167 _____ () C:\Users\almir\Downloads\hijackthis.log
2014-06-09 21:55 - 2014-06-09 21:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\almir\Downloads\HiJackThis204.exe
2014-06-09 21:51 - 2014-06-09 21:51 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-09 21:51 - 2014-06-09 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-09 21:51 - 2014-06-09 21:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-09 21:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-09 21:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-09 21:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-09 21:18 - 2014-06-09 21:18 - 00259584 _____ (OldTimer Tools) C:\Users\almir\Downloads\OTH.scr
2014-06-07 07:58 - 2014-06-10 12:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000UA.job
2014-06-07 07:58 - 2014-06-09 08:23 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000Core.job
2014-06-07 07:58 - 2014-06-07 07:58 - 00918672 _____ (Google Inc.) C:\Users\almir\Downloads\musicmanagerinstaller.exe
2014-06-07 07:58 - 2014-06-07 07:58 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000UA
2014-06-07 07:58 - 2014-06-07 07:58 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000Core
2014-06-07 07:58 - 2014-06-07 07:58 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-06-07 07:31 - 2014-06-07 08:17 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Mp3tag
2014-06-07 07:30 - 2014-06-07 07:30 - 02638704 _____ () C:\Users\almir\Downloads\mp3tagv259asetup.exe
2014-06-07 07:30 - 2014-06-07 07:30 - 00000985 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-06-07 07:30 - 2014-06-07 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-06-07 07:30 - 2014-06-07 07:30 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-06-05 22:22 - 2014-06-05 23:48 - 575516030 _____ () C:\Users\almir\Downloads\Ridge.Racer.PAL.PSP-PGS.rar
2014-06-05 22:14 - 2014-06-05 22:14 - 00205862 _____ () C:\Users\almir\Downloads\cube.elf
2014-06-02 18:06 - 2014-06-02 18:06 - 00000000 ____D () C:\Users\almir\Desktop\i18n
2014-06-02 18:06 - 2012-06-28 10:10 - 00001640 _____ () C:\Users\almir\Desktop\big_flag_ger.bmp
2014-06-02 18:06 - 2012-06-28 10:10 - 00000838 _____ () C:\Users\almir\Desktop\flag_ger.bmp
2014-05-29 09:32 - 2014-05-29 09:32 - 00001160 _____ () C:\Users\almir\Desktop\Content Manager 2.lnk
2014-05-29 09:32 - 2014-05-29 09:32 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Becker
2014-05-29 09:32 - 2014-05-29 09:32 - 00000000 ____D () C:\Users\almir\AppData\Roaming\becker
2014-05-29 09:31 - 2014-05-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Becker
2014-05-29 09:00 - 2014-05-29 09:00 - 00000000 ____D () C:\AdwCleaner
2014-05-29 07:51 - 2014-05-29 07:51 - 01327971 _____ () C:\Users\almir\Downloads\adwcleaner_3.211.exe
2014-05-29 07:51 - 2014-05-29 07:51 - 01327971 _____ () C:\Users\almir\Downloads\A480.tmp
2014-05-29 07:43 - 2014-05-29 07:43 - 00000000 ____D () C:\Users\almir\Documents\Simply Super Software
2014-05-29 07:35 - 2014-05-29 07:39 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-29 07:35 - 2014-05-29 07:35 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-29 07:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 07:28 - 2014-06-09 21:29 - 00050352 _____ () C:\Windows\PFRO.log
2014-05-29 07:28 - 2014-06-09 21:29 - 00003630 _____ () C:\Windows\setupact.log
2014-05-29 07:28 - 2014-05-29 07:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 07:26 - 2014-05-29 07:26 - 00000000 ____D () C:\Windows\pss
2014-05-29 07:22 - 2014-05-29 07:22 - 21407864 _____ (Simply Super Software ) C:\Users\almir\Downloads\trjsetup690.exe
2014-05-29 07:20 - 2014-05-29 07:20 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-29 07:20 - 2014-05-29 07:20 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-29 07:20 - 2014-05-29 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-29 07:20 - 2014-05-29 07:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-29 07:19 - 2014-05-29 07:19 - 03673664 _____ (Piriform Ltd) C:\Users\almir\Downloads\ccsetup414_slim.exe
2014-05-29 07:15 - 2014-05-29 07:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 07:11 - 2014-05-29 07:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\almir\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-22 04:44 - 2014-05-22 04:44 - 02664443 _____ () C:\Users\almir\Downloads\CG_Android_5.0.14.6.apk
2014-05-22 04:43 - 2014-05-22 04:43 - 08754136 _____ (CyberGhost S.R.L. ) C:\Users\almir\Downloads\CG_5.0.13.14.exe
2014-05-19 12:45 - 2014-05-19 12:45 - 23996027 _____ () C:\Users\almir\Downloads\Qu (1).rar
2014-05-19 12:43 - 2014-05-19 12:43 - 24339661 _____ () C:\Users\almir\Downloads\Qu.rar
2014-05-18 21:35 - 2014-05-18 21:35 - 00000000 ____D () C:\Users\almir\Downloads\Navigon
2014-05-18 21:25 - 2014-05-18 21:25 - 00001339 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-05-18 21:25 - 2014-05-18 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-05-18 21:21 - 2014-05-18 21:21 - 00000479 _____ () C:\Users\almir\Downloads\version.xml
2014-05-17 13:40 - 2014-05-17 13:40 - 01488533 _____ () C:\Users\almir\Downloads\13bubopr.rar
2014-05-17 13:22 - 2014-05-17 13:22 - 01186346 _____ () C:\Users\almir\Downloads\SuperSU-0.93-Busybox-1.20.2.zip
2014-05-17 13:20 - 2014-05-17 13:20 - 00511224 _____ (SPC LLC) C:\Users\almir\Downloads\XZipInst.exe
2014-05-17 13:01 - 2014-05-17 13:01 - 00000000 ____D () C:\Users\almir\.android
2014-05-17 12:55 - 2014-05-17 12:55 - 00982298 _____ () C:\Users\almir\Downloads\EFS_Professional_2.1.30_Release.zip
2014-05-17 06:36 - 2014-05-17 06:36 - 00832051 _____ () C:\Users\almir\Downloads\Luniz - I've Got Five On It(short).ogg
2014-05-17 06:34 - 2014-05-17 06:34 - 00000096 _____ () C:\Users\almir\Downloads\playlist.m3u
2014-05-17 06:20 - 2014-05-17 06:20 - 34217448 _____ (DVDVideoSoft Ltd. ) C:\Users\almir\Downloads\FreeAudioConverter-5.0.40.514 (1).exe
2014-05-17 06:19 - 2014-05-29 08:42 - 00003532 _____ () C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-05-17 06:18 - 2014-05-17 06:18 - 00001275 _____ () C:\Users\Public\Desktop\Free MP3 Cutter and Editor.lnk
2014-05-17 06:18 - 2014-05-17 06:18 - 00000000 ____D () C:\Users\almir\AppData\Roaming\InetStat
2014-05-17 06:18 - 2014-05-17 06:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
2014-05-17 06:18 - 2014-05-17 06:18 - 00000000 ____D () C:\Program Files (x86)\MuseTips
2014-05-17 06:17 - 2014-05-29 09:15 - 00000000 ____D () C:\Users\almir\AppData\Roaming\VOPackage
2014-05-17 06:17 - 2014-05-17 06:17 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-17 06:16 - 2014-05-17 06:16 - 00000000 _____ () C:\end
2014-05-17 06:15 - 2014-05-17 06:15 - 01065490 _____ (musetips.com ) C:\Users\almir\Desktop\MP3CutterSetup.exe
2014-05-17 06:12 - 2014-05-17 06:12 - 00001440 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-05-17 06:11 - 2014-05-17 06:11 - 34217448 _____ (DVDVideoSoft Ltd. ) C:\Users\almir\Downloads\FreeAudioConverter-5.0.40.514.exe
2014-05-16 21:59 - 2014-05-16 21:59 - 01031912 _____ () C:\Users\almir\Downloads\UPDATE-SuperSU-v1.65.zip
2014-05-16 21:37 - 2014-05-16 21:37 - 00072533 _____ () C:\Users\almir\Downloads\ar.apk
2014-05-16 21:15 - 2014-05-16 21:15 - 07486469 _____ () C:\Users\almir\Downloads\CWM-Recovery-gt-i9295_v1-2.tar.md5 (1).zip
2014-05-16 20:34 - 2013-08-09 22:36 - 07495745 _____ () C:\Users\almir\Downloads\CWM-Recovery-gt-i9295_v1-2.tar.md5
2014-05-16 20:28 - 2014-05-16 20:28 - 01206230 _____ () C:\Users\almir\Downloads\UPDATE-SuperSU-v1.94.zip
2014-05-16 20:21 - 2014-05-16 20:21 - 07486469 _____ () C:\Users\almir\Downloads\CWM-Recovery-gt-i9295_v1-2.tar.md5.zip
2014-05-16 20:20 - 2014-05-16 20:20 - 00319398 _____ () C:\Users\almir\Downloads\TriangleAway-v3.26.apk
2014-05-15 04:52 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 04:52 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 04:52 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 04:52 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 04:52 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 04:52 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:11 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 12:11 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 12:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:11 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:11 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:11 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:11 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:11 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:11 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:11 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 21:10 - 2014-05-12 21:10 - 02378203 _____ () C:\Users\almir\Downloads\cartoonstyle.zip

==================== One Month Modified Files and Folders =======

2014-06-10 12:11 - 2014-06-10 12:11 - 00018389 _____ () C:\Users\almir\Downloads\FRST.txt
2014-06-10 12:11 - 2014-06-10 12:10 - 00000000 ____D () C:\FRST
2014-06-10 12:11 - 2013-06-16 18:19 - 00000000 ____D () C:\Users\almir\AppData\Local\Temp
2014-06-10 12:11 - 2013-06-16 18:13 - 01325478 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 12:10 - 2014-06-10 12:09 - 02080768 _____ (Farbar) C:\Users\almir\Downloads\FRST64.exe
2014-06-10 12:08 - 2013-06-16 19:55 - 00000000 ____D () C:\Users\almir\AppData\Local\JDownloader v2.0
2014-06-10 12:06 - 2014-06-07 07:58 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000UA.job
2014-06-10 12:06 - 2013-11-14 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 12:06 - 2013-06-16 19:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 05:07 - 2013-06-16 19:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 22:08 - 2014-06-09 21:56 - 00012167 _____ () C:\Users\almir\Downloads\hijackthis.log
2014-06-09 21:55 - 2014-06-09 21:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\almir\Downloads\HiJackThis204.exe
2014-06-09 21:51 - 2014-06-09 21:51 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-09 21:51 - 2014-06-09 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-09 21:51 - 2014-06-09 21:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-09 21:36 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 21:36 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 21:34 - 2013-05-22 12:25 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-09 21:34 - 2013-05-22 12:25 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-09 21:34 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 21:29 - 2014-05-29 07:28 - 00050352 _____ () C:\Windows\PFRO.log
2014-06-09 21:29 - 2014-05-29 07:28 - 00003630 _____ () C:\Windows\setupact.log
2014-06-09 21:29 - 2013-06-16 19:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-09 21:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 21:18 - 2014-06-09 21:18 - 00259584 _____ (OldTimer Tools) C:\Users\almir\Downloads\OTH.scr
2014-06-09 08:23 - 2014-06-07 07:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000Core.job
2014-06-07 08:17 - 2014-06-07 07:31 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Mp3tag
2014-06-07 07:58 - 2014-06-07 07:58 - 00918672 _____ (Google Inc.) C:\Users\almir\Downloads\musicmanagerinstaller.exe
2014-06-07 07:58 - 2014-06-07 07:58 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000UA
2014-06-07 07:58 - 2014-06-07 07:58 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000Core
2014-06-07 07:58 - 2014-06-07 07:58 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-06-07 07:58 - 2013-06-16 19:53 - 00000000 ____D () C:\Users\almir\AppData\Local\Google
2014-06-07 07:30 - 2014-06-07 07:30 - 02638704 _____ () C:\Users\almir\Downloads\mp3tagv259asetup.exe
2014-06-07 07:30 - 2014-06-07 07:30 - 00000985 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-06-07 07:30 - 2014-06-07 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-06-07 07:30 - 2014-06-07 07:30 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-06-05 23:48 - 2014-06-05 22:22 - 575516030 _____ () C:\Users\almir\Downloads\Ridge.Racer.PAL.PSP-PGS.rar
2014-06-05 22:14 - 2014-06-05 22:14 - 00205862 _____ () C:\Users\almir\Downloads\cube.elf
2014-06-02 21:26 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-02 18:06 - 2014-06-02 18:06 - 00000000 ____D () C:\Users\almir\Desktop\i18n
2014-06-01 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-05-31 07:04 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\RemotePackages
2014-05-29 09:32 - 2014-05-29 09:32 - 00001160 _____ () C:\Users\almir\Desktop\Content Manager 2.lnk
2014-05-29 09:32 - 2014-05-29 09:32 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Becker
2014-05-29 09:32 - 2014-05-29 09:32 - 00000000 ____D () C:\Users\almir\AppData\Roaming\becker
2014-05-29 09:31 - 2014-05-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Becker
2014-05-29 09:15 - 2014-05-17 06:17 - 00000000 ____D () C:\Users\almir\AppData\Roaming\VOPackage
2014-05-29 09:00 - 2014-05-29 09:00 - 00000000 ____D () C:\AdwCleaner
2014-05-29 08:42 - 2014-05-17 06:19 - 00003532 _____ () C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-05-29 07:51 - 2014-05-29 07:51 - 01327971 _____ () C:\Users\almir\Downloads\adwcleaner_3.211.exe
2014-05-29 07:51 - 2014-05-29 07:51 - 01327971 _____ () C:\Users\almir\Downloads\A480.tmp
2014-05-29 07:43 - 2014-05-29 07:43 - 00000000 ____D () C:\Users\almir\Documents\Simply Super Software
2014-05-29 07:40 - 2013-08-16 18:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-29 07:39 - 2014-05-29 07:35 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-05-29 07:38 - 2013-06-16 20:44 - 00000000 ____D () C:\ProgramData\Temp
2014-05-29 07:35 - 2014-05-29 07:35 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-29 07:28 - 2014-05-29 07:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 07:26 - 2014-05-29 07:26 - 00000000 ____D () C:\Windows\pss
2014-05-29 07:26 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 07:23 - 2013-06-30 00:20 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Skype
2014-05-29 07:23 - 2013-06-21 22:50 - 00000000 ____D () C:\Users\almir\AppData\Roaming\uTorrent
2014-05-29 07:23 - 2013-06-16 20:15 - 00000000 ____D () C:\Users\almir\AppData\Roaming\DAEMON Tools Lite
2014-05-29 07:22 - 2014-05-29 07:22 - 21407864 _____ (Simply Super Software ) C:\Users\almir\Downloads\trjsetup690.exe
2014-05-29 07:22 - 2013-06-17 04:08 - 00000000 ____D () C:\Windows\Panther
2014-05-29 07:20 - 2014-05-29 07:20 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-29 07:20 - 2014-05-29 07:20 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-29 07:20 - 2014-05-29 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-29 07:20 - 2014-05-29 07:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-29 07:19 - 2014-05-29 07:19 - 03673664 _____ (Piriform Ltd) C:\Users\almir\Downloads\ccsetup414_slim.exe
2014-05-29 07:15 - 2014-05-29 07:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 07:14 - 2014-05-29 07:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\almir\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 05:24 - 2013-06-22 23:50 - 00000000 ____D () C:\Users\almir\AppData\Roaming\vlc
2014-05-24 10:57 - 2013-06-16 19:53 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-24 05:34 - 2013-06-16 20:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-22 04:44 - 2014-05-22 04:44 - 02664443 _____ () C:\Users\almir\Downloads\CG_Android_5.0.14.6.apk
2014-05-22 04:43 - 2014-05-22 04:43 - 08754136 _____ (CyberGhost S.R.L. ) C:\Users\almir\Downloads\CG_5.0.13.14.exe
2014-05-19 12:45 - 2014-05-19 12:45 - 23996027 _____ () C:\Users\almir\Downloads\Qu (1).rar
2014-05-19 12:43 - 2014-05-19 12:43 - 24339661 _____ () C:\Users\almir\Downloads\Qu.rar
2014-05-18 21:47 - 2013-06-30 12:29 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-18 21:35 - 2014-05-18 21:35 - 00000000 ____D () C:\Users\almir\Downloads\Navigon
2014-05-18 21:35 - 2014-02-16 09:10 - 00000000 ____D () C:\Users\almir\Downloads\settings februar
2014-05-18 21:25 - 2014-05-18 21:25 - 00001339 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-05-18 21:25 - 2014-05-18 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-05-18 21:21 - 2014-05-18 21:21 - 00000479 _____ () C:\Users\almir\Downloads\version.xml
2014-05-17 13:40 - 2014-05-17 13:40 - 01488533 _____ () C:\Users\almir\Downloads\13bubopr.rar
2014-05-17 13:22 - 2014-05-17 13:22 - 01186346 _____ () C:\Users\almir\Downloads\SuperSU-0.93-Busybox-1.20.2.zip
2014-05-17 13:20 - 2014-05-17 13:20 - 00511224 _____ (SPC LLC) C:\Users\almir\Downloads\XZipInst.exe
2014-05-17 13:01 - 2014-05-17 13:01 - 00000000 ____D () C:\Users\almir\.android
2014-05-17 13:01 - 2013-06-16 18:19 - 00000000 ____D () C:\Users\almir
2014-05-17 12:55 - 2014-05-17 12:55 - 00982298 _____ () C:\Users\almir\Downloads\EFS_Professional_2.1.30_Release.zip
2014-05-17 06:36 - 2014-05-17 06:36 - 00832051 _____ () C:\Users\almir\Downloads\Luniz - I've Got Five On It(short).ogg
2014-05-17 06:34 - 2014-05-17 06:34 - 00000096 _____ () C:\Users\almir\Downloads\playlist.m3u
2014-05-17 06:20 - 2014-05-17 06:20 - 34217448 _____ (DVDVideoSoft Ltd. ) C:\Users\almir\Downloads\FreeAudioConverter-5.0.40.514 (1).exe
2014-05-17 06:18 - 2014-05-17 06:18 - 00001275 _____ () C:\Users\Public\Desktop\Free MP3 Cutter and Editor.lnk
2014-05-17 06:18 - 2014-05-17 06:18 - 00000000 ____D () C:\Users\almir\AppData\Roaming\InetStat
2014-05-17 06:18 - 2014-05-17 06:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
2014-05-17 06:18 - 2014-05-17 06:18 - 00000000 ____D () C:\Program Files (x86)\MuseTips
2014-05-17 06:17 - 2014-05-17 06:17 - 00000000 ____D () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-17 06:16 - 2014-05-17 06:16 - 00000000 _____ () C:\end
2014-05-17 06:15 - 2014-05-17 06:15 - 01065490 _____ (musetips.com ) C:\Users\almir\Desktop\MP3CutterSetup.exe
2014-05-17 06:12 - 2014-05-17 06:12 - 00001440 _____ () C:\Users\Public\Desktop\Free Audio Converter.lnk
2014-05-17 06:12 - 2013-07-21 08:07 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-17 06:12 - 2013-07-07 09:20 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-05-17 06:12 - 2013-06-22 19:30 - 00000000 ____D () C:\Users\almir\AppData\Roaming\DVDVideoSoft
2014-05-17 06:12 - 2013-06-22 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-17 06:11 - 2014-05-17 06:11 - 34217448 _____ (DVDVideoSoft Ltd. ) C:\Users\almir\Downloads\FreeAudioConverter-5.0.40.514.exe
2014-05-16 21:59 - 2014-05-16 21:59 - 01031912 _____ () C:\Users\almir\Downloads\UPDATE-SuperSU-v1.65.zip
2014-05-16 21:37 - 2014-05-16 21:37 - 00072533 _____ () C:\Users\almir\Downloads\ar.apk
2014-05-16 21:15 - 2014-05-16 21:15 - 07486469 _____ () C:\Users\almir\Downloads\CWM-Recovery-gt-i9295_v1-2.tar.md5 (1).zip
2014-05-16 20:28 - 2014-05-16 20:28 - 01206230 _____ () C:\Users\almir\Downloads\UPDATE-SuperSU-v1.94.zip
2014-05-16 20:21 - 2014-05-16 20:21 - 07486469 _____ () C:\Users\almir\Downloads\CWM-Recovery-gt-i9295_v1-2.tar.md5.zip
2014-05-16 20:20 - 2014-05-16 20:20 - 00319398 _____ () C:\Users\almir\Downloads\TriangleAway-v3.26.apk
2014-05-16 18:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:31 - 2013-06-16 18:20 - 00000000 ___RD () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:31 - 2013-06-16 18:20 - 00000000 ___RD () C:\Users\almir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 19:29 - 2013-06-16 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 12:02 - 2014-05-07 18:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 04:49 - 2013-06-16 19:32 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 03:26 - 2013-11-14 16:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 03:26 - 2013-07-14 07:26 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 03:26 - 2013-07-14 07:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 21:10 - 2014-05-12 21:10 - 02378203 _____ () C:\Users\almir\Downloads\cartoonstyle.zip
2014-05-12 07:26 - 2014-06-09 21:51 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-09 21:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-09 21:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\almir\AppData\Local\Temp\proxy_vole467340798029422217.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-29 13:30

==================== End Of Log ============================

--- --- ---

Addition.txtFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by almir at 2014-06-10 12:11:52
Running from C:\Users\almir\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM-x32\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AkrutoSync 3.1.56 (HKLM\...\{024E90DA-8432-40E9-8B31-3C68D1999A36}) (Version: 3.1.56 - Akruto, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bouquet Editor Suite v1.21 Uninstall (HKLM-x32\...\Bouquet Editor Suite_is1) (Version: 1.2.1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Configo (HKLM-x32\...\{9DDF445F-D818-4280-B182-41FAC10DB715}) (Version: 2.1.7.0 - Philips)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3105.58 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.3105.58 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Druckerdeinstallation für EPSON WF-2540 Series (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
F1 2012 Version V1.0 (HKLM-x32\...\{BBC8F2F4-C823-4EE8-B176-74DCDEF8F68A}_is1) (Version: V1.0 - ZKY)
F1 2013 (HKLM-x32\...\F1 2013_is1) (Version: F1 2013 - )
F1 2013 Update 6 (HKLM-x32\...\RjEyMDEz_is1) (Version: 1 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Free Audio Converter version 5.0.40.514 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free MP3 Cutter and Editor 2.6 (HKLM-x32\...\Free MP3 Cutter and Editor_is1) (Version:  - musetips.com)
Free Video to iPhone Converter version 5.0.27.717 (HKLM-x32\...\Free Video to iPhone Converter_is1) (Version: 5.0.27.717 - DVDVideoSoft Ltd.)
Free WebM Video Converter version 5.0.26.628 (HKLM-x32\...\Free WebM Video Converter_is1) (Version: 5.0.26.628 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LameXP v4.07 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.07 Final-1 [Build #1286] - LoRd_MuldeR <mulder2@gmx.de>)
MAGIX Screenshare (HKLM-x32\...\{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{494420A9-5F25-457B-9BBF-228E6A73B94B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe 17 Premium Download-Version (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.1.14 - MAGIX AG)
MAGIX Video deluxe 17 Premium Download-Version (x32 Version: 10.0.1.14 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.64 (HKLM\...\MediaInfo) (Version: 0.7.64 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10300.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10300.1.0 - Nero AG) Hidden
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.11500.1.0 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13100.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 320.18 (Version: 320.18 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.165.42.2 - Tracker Software Products Ltd)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 5.0 (HKLM-x32\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.0.156 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Tipard MKV Video Converter 6.1.26 (HKLM-x32\...\{A68317E2-08D1-40d1-A705-01A2B166A286}_is1) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis)
True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{1547FF3D-F82F-46AE-819B-78C7BB3D53EC}) (Version: 16.0.6514 - Acronis)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YTD Video Downloader 4.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

31-05-2014 04:03:41 Windows Update
03-06-2014 10:04:37 Windows Update
06-06-2014 01:00:10 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-16 20:37 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.acronis.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0CE95AB4-52D5-41A2-9233-20BE752FAD73} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {0EEF3E85-BDA8-4623-A886-A85E4B42A45A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {1F418234-D826-4984-9F3B-6C3D6B74A4E1} - System32\Tasks\{A3A66F1D-FEFD-4694-9D7C-DEB8B0196B7C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2010-12-03] (Skype Technologies S.A.)
Task: {3A64781E-D22D-4C75-BC74-1A31CFB23826} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\almir\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe
Task: {3FAD02F9-1F14-488C-B20B-AD06CCC95FB2} - System32\Tasks\{3DC59A93-A0F6-476D-97CD-4C161EF5A16A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?page=tsMain
Task: {56BEB86E-9FA2-49B3-83E8-4789DA465B79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {570B7019-F7AE-448E-90C9-9844522DDFFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {C99B5ABA-63D2-436F-9290-C4D9D331D4C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000UA => C:\Users\almir\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: {DCB3D340-8573-4567-94AF-FF52950A66CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000Core => C:\Users\almir\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-07] (Google Inc.)
Task: {F4B1D708-00EB-4DEE-BD51-502B08E75857} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000Core.job => C:\Users\almir\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-872936652-3082056053-4258201691-1000UA.job => C:\Users\almir\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-16 19:35 - 2013-05-12 22:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2013-06-16 13:08 - 2011-03-07 05:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-17 06:18 - 2014-05-17 06:18 - 00506336 _____ () C:\Users\almir\AppData\Roaming\InetStat\InetStat.exe
2014-06-10 12:08 - 2014-06-10 12:08 - 00040448 ____N () C:\Users\almir\AppData\Local\Temp\proxy_vole467340798029422217.dll
2014-06-10 12:08 - 2014-06-10 12:08 - 00566439 _____ () C:\Users\almir\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-06-10 12:08 - 2014-06-10 12:08 - 04078962 _____ () C:\Users\almir\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 10683392 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 07741952 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 02248192 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 01681408 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-05-15 23:20 - 2014-05-15 23:20 - 00117248 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 23:20 - 2014-05-15 23:20 - 00231936 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 23:21 - 2014-05-15 23:21 - 00253440 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 23:24 - 2014-05-15 23:24 - 00344064 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 23:06 - 2013-12-10 23:06 - 00026624 _____ () C:\Users\almir\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-01-10 13:43 - 2013-01-10 13:43 - 00014360 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2013-03-27 22:09 - 2013-03-27 22:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-24 10:57 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-24 10:57 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-24 10:57 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 10:57 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 10:57 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-05-24 10:57 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:84317D9CD3E70059
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips Configo.lnk => C:\Windows\pss\Philips Configo.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: Ext2 Volume Manager => C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PowerDVD13Agent => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 00:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3315489

Error: (06/10/2014 00:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3315489

Error: (06/10/2014 00:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 00:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3314491

Error: (06/10/2014 00:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3314491

Error: (06/10/2014 00:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 00:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3313492

Error: (06/10/2014 00:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3313492

Error: (06/10/2014 00:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 00:06:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3312494


System errors:
=============
Error: (06/10/2014 11:10:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (06/10/2014 05:10:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (06/10/2014 04:51:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (06/10/2014 04:47:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/09/2014 10:47:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (06/09/2014 10:16:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/09/2014 09:29:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sptd

Error: (06/09/2014 09:29:17 PM) (Source: sptd) (EventID: 4) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Error: (06/09/2014 09:28:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/09/2014 09:28:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897}


Microsoft Office Sessions:
=========================
Error: (06/10/2014 00:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3315489

Error: (06/10/2014 00:06:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3315489

Error: (06/10/2014 00:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 00:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3314491

Error: (06/10/2014 00:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3314491

Error: (06/10/2014 00:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 00:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3313492

Error: (06/10/2014 00:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3313492

Error: (06/10/2014 00:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2014 00:06:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3312494


CodeIntegrity Errors:
===================================
  Date: 2013-06-16 18:49:44.356
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NETwNs64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-16 18:49:44.294
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NETwNs64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 8086.17 MB
Available physical RAM: 5467.04 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13121.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:248.33 GB) (Free:152.6 GB) NTFS
Drive d: () (Fixed) (Total:217.42 GB) (Free:111.57 GB) NTFS
Drive f: (Volume) (Fixed) (Total:465.66 GB) (Free:461.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=248 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0BD3D5E4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 11.06.2014, 09:47

Zitat:

127.0.0.1 activation.acronis.com

Acronis komplett deinstallieren.

almir_de · 11.06.2014, 17:22

Habe jetzt Acronis komplett deinstalliert, Computer neu gestartet und versucht Malware zu installieren, ohne Erfolg, das selbe Ergebnis wie oben.
Seit gestern geht irgendeine Werbung an, obwohl kein Browser offen ist, keine Ahnung was das ist oder woher das kommt.

schrauber · 12.06.2014, 08:04

Acronis wurde ja auch nur wegen des Cracks deinstalliert.

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Malware Antibytes - Funzte als Trial super, startet nun nicht mehr

Plagegeister aller Art und deren Bekämpfung: Malware Antibytes - Funzte als Trial super, startet nun nicht mehr