| |
| |||||||
Log-Analyse und Auswertung: Windows 7: 30 Funde mbam, 2 Funde aviraWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.08.2014, 18:09
| #1 |
 |  Windows 7: 30 Funde mbam, 2 Funde avira FRST log Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by Josef (administrator) on KURTMARKO-PC on 23-08-2014 15:25:53
Running from C:\Users\Josef\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerMsg.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\user.js
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 HubService; C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [536576 2014-07-30] () [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe [3571360 2014-08-13] (Iminent)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 15:25 - 2014-08-23 15:27 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-23 14:04 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 15:27 - 2014-08-23 15:25 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:26 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:21 - 2011-07-15 23:45 - 01394773 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 15:19 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 15:15 - 2013-09-09 22:49 - 00045771 _____ () C:\Windows\setupact.log
2014-08-23 15:15 - 2011-09-23 19:10 - 02449275 _____ () C:\Windows\system32\oodbs.lor
2014-08-23 15:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-23 15:07 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 15:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 14:49 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 14:04 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-23 14:04 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-22 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-21 10:03 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 20:54 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 11:25 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 11:25 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 11:25 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2013-09-09 22:48 - 00265306 _____ () C:\Windows\PFRO.log
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael
2014-07-25 16:52 - 2014-08-13 21:27 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 21:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 21:27 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 21:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-13 21:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 21:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 21:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 21:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 21:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 21:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 21:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 21:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 21:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 21:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 21:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-13 21:27 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-13 21:27 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 21:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 21:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 21:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-13 21:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-13 21:27 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 21:28 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 21:27 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 21:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 21:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 21:27 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 21:27 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 21:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 21:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 21:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 21:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 21:27 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 21:27 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 21:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 21:27 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 21:27 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 21:27 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 21:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 21:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 21:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 21:28 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe
2014-07-24 17:50 - 2014-06-18 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:50 - 2012-10-14 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 15:42 - 2013-03-14 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 15:21 - 2013-09-14 15:41 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 13:50 - 2011-06-26 11:34 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-24 10:59 - 2010-05-17 13:14 - 00000000 ____D () C:\Windows\PCHEALTH
Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 12:03
==================== End Of Log ============================
|
|
23.08.2014, 18:15
| #2 |
| | Windows 7: 30 Funde mbam, 2 Funde avira FRST additional
__________________Code:
ATTFilter t version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerMsg.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\user.js
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 HubService; C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [536576 2014-07-30] () [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe [3571360 2014-08-13] (Iminent)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 15:25 - 2014-08-23 15:27 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-23 14:04 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 15:27 - 2014-08-23 15:25 - 00026281 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:26 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:25 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:21 - 2011-07-15 23:45 - 01394773 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 15:19 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 15:15 - 2013-09-09 22:49 - 00045771 _____ () C:\Windows\setupact.log
2014-08-23 15:15 - 2011-09-23 19:10 - 02449275 _____ () C:\Windows\system32\oodbs.lor
2014-08-23 15:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-23 15:07 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 15:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 14:49 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 14:04 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Security Systems
2014-08-23 14:04 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-22 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-21 10:03 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 20:54 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 11:25 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 11:25 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 11:25 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 10:08 - 2014-08-06 10:08 - 498326879 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2013-09-09 22:48 - 00265306 _____ () C:\Windows\PFRO.log
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:36 - 2014-08-05 09:36 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Hub Timer
2014-08-05 09:35 - 2014-08-05 09:35 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael
2014-07-25 16:52 - 2014-08-13 21:27 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 21:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 21:27 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 21:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 21:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:28 - 2014-08-13 21:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 21:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 21:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 21:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 21:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 21:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 21:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 21:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 21:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 21:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 21:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 21:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:28 - 2014-08-13 21:27 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:21 - 2014-08-13 21:27 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 21:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 21:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 21:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:17 - 2014-08-13 21:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:12 - 2014-08-13 21:27 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 21:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 21:28 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 21:27 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 21:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 21:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 21:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 21:27 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 21:27 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 21:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 21:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 21:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 21:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 21:27 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 21:27 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 21:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 21:27 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 21:27 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 21:27 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 21:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 21:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 21:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 21:28 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 21:13 - 2014-07-24 21:13 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(2).exe
2014-07-24 17:50 - 2014-06-18 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 17:50 - 2013-03-14 21:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:50 - 2012-10-14 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 15:42 - 2013-03-14 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 15:21 - 2013-09-14 15:41 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-24 13:50 - 2011-06-26 11:34 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-24 10:59 - 2010-05-17 13:14 - 00000000 ____D () C:\Windows\PCHEALTH
Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 12:03
==================== End Of Log ============================
GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-23 18:44:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Josef\AppData\Local\Temp\awddauoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037f0000 45 bytes [01, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037f002f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[1480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe[1480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4240] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4240] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:2540] 000007fef9f52bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:3196] 000007fef1344830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:2500] 000007fef1344830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:2548] 000007fef1344830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4040:1388] 000007fef6685124
---- Processes - GMER 2.1 ----
Process C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe (*** suspicious ***) @ C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [2008](2014- 0000000000400000
Library C:\Users\Josef\AppData\Roaming\Hub Timer\sub\default.dll (*** suspicious ***) @ C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe [2008](2014-08-05 07:36:30) 0000000003050000
---- EOF - GMER 2.1 ----
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 22. August 2014 19:26
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KURTMARKO-PC
Versionsinformationen:
BUILD.DAT : 14.0.6.552 92022 Bytes 23.07.2014 13:29:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 06.08.2014 07:07:06
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 06.08.2014 07:07:06
LUKE.DLL : 14.0.6.522 57936 Bytes 06.08.2014 07:07:27
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 06.08.2014 07:07:07
AVREG.DLL : 14.0.6.522 262224 Bytes 06.08.2014 07:07:04
avlode.dll : 14.0.6.526 603728 Bytes 06.08.2014 07:07:03
avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 21:49:01
XBV00009.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00067.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00068.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00069.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00070.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00071.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00072.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00073.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00074.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00075.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00076.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00077.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00078.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00079.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00080.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00081.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00082.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00083.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00084.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00085.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00086.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00087.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00088.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00089.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:15
XBV00090.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00091.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00092.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00093.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00094.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00095.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00096.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00097.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00098.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00099.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00100.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00101.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00102.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00103.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00104.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00105.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00106.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00107.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00108.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00109.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00110.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00111.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00112.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00113.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00114.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00115.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00116.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00117.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00118.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00119.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00120.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00121.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00122.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00123.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00124.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00125.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00126.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00127.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00128.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00129.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00130.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00131.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00132.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00133.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00134.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00135.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00136.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00137.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00138.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00139.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00140.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00141.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00142.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00143.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00144.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00145.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00146.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00147.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00148.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00149.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00150.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00151.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00152.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00153.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00154.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00155.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00156.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00157.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00158.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00159.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00160.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00161.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00162.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00163.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00164.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00165.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00166.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00167.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00168.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00169.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00170.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00171.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00172.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00173.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00174.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00175.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00176.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00177.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00178.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00179.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00180.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00181.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00182.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00183.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00184.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00185.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00186.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00187.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00188.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00189.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00190.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00191.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00192.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00193.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00194.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00195.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00196.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00197.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00198.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00199.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00200.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00201.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00202.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00203.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00204.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00205.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00206.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00207.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00208.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00209.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00210.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00211.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00212.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00213.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00214.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00215.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00216.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00217.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00218.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00219.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00220.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00221.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00222.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00223.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00224.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00225.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00226.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00227.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00228.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00229.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00230.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00231.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00232.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00233.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00234.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00235.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00236.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00237.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00238.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00239.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00240.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00241.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00242.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00243.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00244.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00245.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00246.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00247.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00248.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00249.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00250.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00251.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00252.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00253.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00254.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00255.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 13:26:19
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:26:22
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:26:24
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:26:26
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:26:29
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 13:26:35
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 17:17:02
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 17:07:42
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 13:45:06
XBV00042.VDF : 8.11.167.234 1073152 Bytes 19.08.2014 12:10:14
XBV00043.VDF : 8.11.167.236 3584 Bytes 19.08.2014 12:10:14
XBV00044.VDF : 8.11.167.238 17408 Bytes 19.08.2014 18:10:12
XBV00045.VDF : 8.11.167.242 7168 Bytes 19.08.2014 18:10:12
XBV00046.VDF : 8.11.167.248 2048 Bytes 19.08.2014 18:10:12
XBV00047.VDF : 8.11.168.26 19968 Bytes 19.08.2014 18:10:12
XBV00048.VDF : 8.11.168.44 10240 Bytes 19.08.2014 11:52:32
XBV00049.VDF : 8.11.168.60 2048 Bytes 19.08.2014 11:52:32
XBV00050.VDF : 8.11.168.78 27136 Bytes 20.08.2014 11:52:32
XBV00051.VDF : 8.11.168.80 2048 Bytes 20.08.2014 11:52:32
XBV00052.VDF : 8.11.168.98 15360 Bytes 20.08.2014 17:51:30
XBV00053.VDF : 8.11.168.100 2048 Bytes 20.08.2014 17:51:30
XBV00054.VDF : 8.11.168.116 28160 Bytes 20.08.2014 06:27:29
XBV00055.VDF : 8.11.168.118 9216 Bytes 20.08.2014 06:27:30
XBV00056.VDF : 8.11.168.120 4096 Bytes 20.08.2014 06:27:30
XBV00057.VDF : 8.11.168.124 12800 Bytes 21.08.2014 06:27:30
XBV00058.VDF : 8.11.168.126 25088 Bytes 21.08.2014 14:36:23
XBV00059.VDF : 8.11.168.132 33280 Bytes 21.08.2014 06:38:11
XBV00060.VDF : 8.11.168.134 2048 Bytes 21.08.2014 06:38:11
XBV00061.VDF : 8.11.168.138 11776 Bytes 21.08.2014 06:38:11
XBV00062.VDF : 8.11.168.140 3584 Bytes 21.08.2014 06:38:11
XBV00063.VDF : 8.11.168.158 3584 Bytes 22.08.2014 12:38:26
XBV00064.VDF : 8.11.168.174 2048 Bytes 22.08.2014 12:38:26
XBV00065.VDF : 8.11.168.180 5120 Bytes 22.08.2014 12:38:26
XBV00066.VDF : 8.11.168.220 7168 Bytes 22.08.2014 12:38:26
LOCAL001.VDF : 8.11.168.220 109023744 Bytes 22.08.2014 12:38:46
Engineversion : 8.3.24.18
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 17:51:30
AESCRIPT.DLL : 8.2.0.18 437104 Bytes 22.08.2014 12:38:26
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 13:38:59
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 17:18:01
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 14:05:13
AEPACK.DLL : 8.4.0.50 792488 Bytes 07.08.2014 13:45:03
AEOFFICE.DLL : 8.3.0.20 216104 Bytes 14.08.2014 16:00:51
AEHEUR.DLL : 8.1.4.1240 7433072 Bytes 22.08.2014 12:38:26
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 16:53:50
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 18:33:43
AEEXP.DLL : 8.4.2.30 247712 Bytes 22.08.2014 12:38:26
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 13:45:01
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 16:55:07
AECORE.DLL : 8.3.2.6 243712 Bytes 07.08.2014 13:45:01
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 13:45:01
AVWINLL.DLL : 14.0.6.522 24144 Bytes 06.08.2014 07:07:01
AVPREF.DLL : 14.0.6.522 50256 Bytes 06.08.2014 07:07:04
AVREP.DLL : 14.0.6.522 219216 Bytes 06.08.2014 07:07:04
AVARKT.DLL : 14.0.5.368 226384 Bytes 01.07.2014 12:04:40
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 06.08.2014 07:07:02
SQLITE3.DLL : 14.0.6.522 452176 Bytes 06.08.2014 07:07:29
AVSMTP.DLL : 14.0.6.522 76368 Bytes 06.08.2014 07:07:07
NETNT.DLL : 14.0.6.522 13392 Bytes 06.08.2014 07:07:27
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 06.08.2014 07:07:01
RCTEXT.DLL : 14.0.6.536 74320 Bytes 06.08.2014 07:07:01
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20140822-191408-543BEC0C.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Freitag, 22. August 2014 19:26
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Versteckter Treiber
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArchiCryptInjector64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IMGUpdater.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'hub.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3x64.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'Umbrella212.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sua.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'itype.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodtray.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBNotifier.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'MMDx64Fx.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerMsg.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '27650' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>
[0] Archivtyp: OVL
--> C:\Program Files\Vodafone SmartTabII10\usb\amd64\winusbcoinstaller2.dll
[1] Archivtyp: RSRC
--> C:\Program Files\Vodafone SmartTabII10\usb\amd64\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\Program Files\Vodafone SmartTabII10\usb\i386\winusbcoinstaller2.dll
[3] Archivtyp: RSRC
--> C:\Program Files\Vodafone SmartTabII10\usb\i386\WUDFUpdate_01009.dll
[4] Archivtyp: RSRC
--> C:\Program Files (x86)\EgisTec\MyWinLocker 3\HTCA_SelfExtract.bin
[5] Archivtyp: OVL
--> C:\Users\Josef\AppData\Roaming\Security Systems\uninstall.exe
[6] Archivtyp: ZIP SFX (self extracting)
--> Setup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Josef\AppData\Roaming\Security Systems\uninstall.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
Beginne mit der Desinfektion:
C:\Users\Josef\AppData\Roaming\Security Systems\uninstall.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.6984
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51a9235a.qua' verschoben!
Ende des Suchlaufs: Samstag, 23. August 2014 14:04
Benötigte Zeit: 18:37:30 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
47689 Verzeichnisse wurden überprüft
1142386 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1142384 Dateien ohne Befall
21895 Archive wurden durchsucht
1 Warnungen
1 Hinweise
99 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/08/23 14:51:49 +0200</date>
<logfile>mbam-log-2014-08-23 (14-51-48).xml</logfile>
<isadmin>no</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.23.01</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Gast</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>274940</objects>
<time>732</time>
<processes>0</processes>
<modules>0</modules>
<keys>37</keys>
<values>5</values>
<datas>0</datas>
<folders>4</folders>
<files>18</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlobalUpdater</path><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><hash>d82503c65328e74f6bf8a1ef976a758b</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SProtection</path><vendor>PUP.Optional.Iminent</vendor><action>delete-on-reboot</action><hash>0eefbb0e12694ee858a6769dd22f956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject.1</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\INPROCSERVER32</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>09f4ac1d92e9dc5a8005802a52b0eb15</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>a4593a8f1f5ce254bdc92a80ae54e020</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>827b8940601b11250d0d75355ea4669a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></key>
<key><path>HKLM\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>8e6feedb0f6c0135c7e51bfbe41f06fa</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>c23baa1f3744bf7731cec27e7a8afe02</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>a954ad1cabd00b2b25bf241033d1857b</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe</path><vendor>PUP.Optional.DataMangr.A</vendor><action>delete-on-reboot</action><hash>936a5c6d502b53e3091a1cd2ad55718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>07f63198e299e5513b71bc5a24df52ae</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>2bd24a7f99e224128c738eb2c93bc040</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>9469d1f89edd52e4eef63103ae569c64</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER</path><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><hash>f10c9e2b76051d19a3fe3db9e0225aa6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe</path><vendor>PUP.Optional.DataMangr.A</vendor><action>delete-on-reboot</action><hash>06f78049077466d00d16a846bb4741bf</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\UMBRELLA</path><vendor>PUP.Optional.Umbrella.A</vendor><action>delete-on-reboot</action><hash>feff3f8aa3d895a1e4ad66c7e61ec63a</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER</path><valuename>ConfigBlockJSN</valuename><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><valuedata>{
"MAIN_SWITCH" : true,
"UPDATABLE" : {
"064A36CC-4404-42F9-B26E-3BFD515F2447" : {
"lastupdated" : 0,
"mindeltatime" : 259200
},
"2C200CBA-D536-40C8-902D-9C34FD10AD85" : {
"lastupdated" : 0,
"localversion" : "0",
"mindeltatime" : 259200
},
"4C973056-22D8-488C-A358-AEA00CC2EC7D" : {
"lastupdated" : 0,
"mindeltatime" : 259200
}
}
}
</valuedata><hash>f10c9e2b76051d19a3fe3db9e0225aa6</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Iminent</valuename><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"</valuedata><hash>3fbee7e2c3b8b1856c0cd51013ef34cc</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>IminentMessenger</valuename><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files (x86)\Iminent\Iminent.Messengers.exe</valuedata><hash>7b821bae3546ef47b1c8e30258aaba46</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\UMBRELLA</path><valuename>MUpdBlock</valuename><vendor>PUP.Optional.Umbrella.A</vendor><action>delete-on-reboot</action><valuedata>{
"MASSUPDATE" : {
"CHROME_MBAR" : {
"Checked" : 1,
"RetryIdx" : 0,
"Version" : 1
},
"FIREFOX_MBAR" : {
"Checked" : 1,
"RetryIdx" : 0,
"Version" : 3
},
"IEXPLORE_BHO" : {
"Checked" : 1,
"RetryIdx" : 0,
"Version" : 4
}
}
}
</valuedata><hash>feff3f8aa3d895a1e4ad66c7e61ec63a</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GLOBALUPDATER</path><valuename>ImagePath</valuename><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><valuedata>C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe</valuedata><hash>4db0a920413aa19584dfef088a78c739</hash></value>
<folder><path>C:\Program Files (x86)\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></folder>
<folder><path>C:\Program Files (x86)\Iminent\inst</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></folder>
<folder><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></folder>
<folder><path>C:\Users\Josef\AppData\Local\Temp\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>f90446836516aa8c555c635a7b87d030</hash></folder>
<file><path>C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe</path><vendor>PUP.Optional.IMGUpdater.A</vendor><action>delete-on-reboot</action><hash>d82503c65328e74f6bf8a1ef976a758b</hash></file>
<file><path>C:\Program Files (x86)\Common Files\Umbrella\Umbrella212.exe</path><vendor>PUP.Optional.Iminent</vendor><action>delete-on-reboot</action><hash>0eefbb0e12694ee858a6769dd22f956b</hash></file>
<file><path>C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></file>
<file><path>C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>02fbcffa314a96a01d8f3d6c7989639d</hash></file>
<file><path>c:\windows\system32\tasks\browser updater</path><vendor>PUP.Optional.HomeTab.A</vendor><action>delete-on-reboot</action><hash>1ce1e8e1d1aa4ceab329cd25bd459e62</hash></file>
<file><path>C:\Program Files (x86)\Iminent\SearchTheWeb.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\iSearch.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\StartWeb.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\USearch.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\isearch.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\main.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\SearchTheWeb.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Universely.ico</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\CustomActionsIminent.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\MetroConfig.JSON</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Iminent\inst\Bootstrapper\uninstall.exe</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>24d914b5cead2610ca89bf6a9a6ad12f</hash></file>
<file><path>C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>639a3792d7a4e155164b0623f80ce61a</hash></file>
</items>
</mbam-log>
Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2014-08-23T14:51:41.760427+02:00" source="Manual" type="Update" username="SYSTEM" systemname="KURTMARKO-PC" fromVersion="2014.8.22.5" last_modified_tag="9feb2fd6-0a68-4917-ab43-84df2fbc1adb" name="Malware Database" toVersion="2014.8.23.1"></record>
</logs>
hoffentlich kann mir jemand helfen... |
|
24.08.2014, 09:39
| #3 |
| /// the machine /// TB-Ausbilder    | Windows 7: 30 Funde mbam, 2 Funde avira Hi,
__________________Addition.txt von FRST fehlt noch 
__________________ |
|
24.08.2014, 16:00
| #4 |
| | Windows 7: 30 Funde mbam, 2 Funde aviraCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by Josef at 2014-08-23 15:27:42
Running from C:\Users\Josef\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.1.4 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0105.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Active@ ISO Burner (HKLM-x32\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aiseesoft PDF to Word Converter 3.1.8 (HKLM-x32\...\{3CF515C0-55D9-4591-824F-1934352AC10E}_is1) (Version: - )
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArchiCrypt Live Version 6.7.9.10014 (HKLM-x32\...\ArchiCrypt Live 6_is1) (Version: 6.7.9.10014 - Softwareentwicklung Patric Remus - ArchiCrypt)
ArchiCrypt Passwort Safe Version 5.5.4.2334 (HKLM-x32\...\ACRYSA5_is1) (Version: 5.5.4.2334 - Softwareentwicklung Patric Remus - ArchiCrypt)
ArchiCrypt Shredder Version 5.7.7.5579 (HKLM-x32\...\ACRYSH5_is1) (Version: 5.7.7.5579 - Softwareentwicklung Remus - ArchiCrypt)
Audiobook Cutter Free Edition (HKLM-x32\...\{B4D5287E-762E-4B80-8BA7-09D804BAF786}) (Version: 1.8.1 - Audiobook Software)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP830 MP Drivers (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version: - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - )
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
dsdminst (x32 Version: 1.01.0002 - Brother Industries, Ltd.) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.6 - Gadwin Systems, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
High-Definition Video Playback (x32 Version: 7.3.10800.5.0 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 7.5.3.1 - Iminent) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 3D 1.5.1 (HKLM-x32\...\{32A9C5B3-D166-4C6D-A11E-A54473151000}) (Version: 1.5.1 - Sun Microsystems, Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.6 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools - DEU (HKLM-x32\...\{E5599ADE-1740-483F-817E-3C3E09C95636}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12600.0.5 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.13000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10500 - Nero AG) Hidden
NetObjects Fusion 11.0 (HKLM-x32\...\{C4B698E6-8AB4-4B7E-BCF3-03FE66E103BD}) (Version: 11 German - )
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.06 - Deutsche Telekom AG)
Netzmanager (Version: 1.06 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6509 - NewTech Infosystems) Hidden
NuGet (HKLM-x32\...\{BE8DCA37-A15A-4C0B-B601-D18AC34C944D}) (Version: 1.0.20105.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{83FA8348-A625-48F9-BF38-47E91F963930}) (Version: 15.0.83 - O&O Software GmbH)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-XChange Editor (HKLM-x32\...\{f02eba41-d9bb-4b8d-8682-9288c0802790}) (Version: 5.5.308.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.0 - Tracker Software Products (Canada) Ltd.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QUICKfind (HKLM-x32\...\{593AFFA4-D08E-4272-BABB-420949D32A10}) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedCommander 10 (HKLM-x32\...\SpeedCommander 10) (Version: 10.0 - SpeedProject)
SPR532 SmartCard Reader V1.87 (HKLM-x32\...\{063368C4-1F03-46C7-92A8-9066AF67B372}) (Version: 1.87 - SCM Microsystems Inc.)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney 7.0 (HKLM-x32\...\{A43E4943-4471-4C9F-B2C9-31051DED7387}) (Version: 7.0 - Star Finanz GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
USB PnP Sound Device (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Vektoris3D 2.0 (HKLM-x32\...\8458-4195-6614-3708) (Version: - kapieren.de)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3012 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - LENOVO COMPUTER INC. (Mass_Storage_Filter) CDROM (08/21/2012 6.2.8253.0) (HKLM\...\E8D70804D5C578821BCC929565DE41FEF872C27B) (Version: 08/21/2012 6.2.8253.0 - LENOVO COMPUTER INC.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
31-07-2014 17:18:05 Windows Update
13-08-2014 18:06:50 Windows Update
13-08-2014 20:42:58 Windows Update
14-08-2014 12:20:51 Installed Java 7 Update 67
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {019760FD-4CB3-4CA1-9D9E-64FE0B3397F6} - \Software Updater Ui No Task File <==== ATTENTION
Task: {0D8B3372-7EB0-4FD3-A7A5-E6672235968F} - System32\Tasks\Kurt Marko NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08] (Nero AG)
Task: {13D55EDA-C6A7-4069-816E-445CD4B7E03B} - System32\Tasks\{29275110-6157-4492-8BD3-46D9A4BBE289} => C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2014-08-06] (Avira Operations GmbH & Co. KG)
Task: {1793CD5D-C755-4E4A-8C71-EF7DD43AB043} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20E0F200-8DE9-4C2C-8A52-AC0B0F041082} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {2712B0B8-4333-4D83-B58D-CB9E8AB78B44} - System32\Tasks\Freemium1ClickMaint => C:\Users\Josef\1Click.exe
Task: {365C7539-2EE9-4337-B66F-C1DDD86D8EEB} - System32\Tasks\AdobeAAMUpdater-1.0-KurtMarko-PC-Kurt Marko => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {43EFE5B7-7B37-46EC-ADE8-74FDAAAE93BA} - System32\Tasks\Josef Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe [2011-04-08] (Nero AG)
Task: {617F9670-68CC-4329-9CD1-B59F4B8019A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {64DD0B69-AAEB-4CEB-8AA2-94EF870D8272} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {70C0624C-BECD-4233-8931-BE697446B5FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {7CF56BC2-6072-433A-90E4-001AAA7EC134} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {7D9C3FB5-F842-4343-8C96-D968B56F9DBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {9F2F77DA-7E82-4DC5-AB97-A9E3E8E585BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AD057EE1-5E55-47D0-83F2-EB57B1872D74} - \Software Updater No Task File <==== ATTENTION
Task: {BB550654-D380-4D28-8C2A-282EA4D85DD3} - System32\Tasks\{EF57B1D4-437B-4A06-8E6E-4AD0D7C8BA43} => C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2014-08-06] (Avira Operations GmbH & Co. KG)
Task: {CAD5BE3A-8F40-41F9-9320-F802911DDA9E} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {E8A3C980-9687-4E06-900B-D6F7A3B5BE11} - System32\Tasks\Josef NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-08] (Nero AG)
Task: {EA927D6C-1E04-4611-A340-E5523BD31B43} - System32\Tasks\{ABC31295-9D6D-4862-ADAB-52F873C15264} => C:\Program Files (x86)\FreeMind\Freemind.exe
Task: {F3ABEB8B-5998-4444-B75B-C5E68EA7DA1C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {FDA46D7A-83E0-4788-AE6A-13385F0487CB} - System32\Tasks\AdobeAAMUpdater-1.0-KurtMarko-PC-Josef => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {FE783D2F-5671-4B1F-8724-5E716F741F49} - System32\Tasks\{9CE0C549-0AE6-4AE6-8CC8-96FD9A6662A9} => C:\Program Files (x86)\FreeMind\Freemind.exe
Task: {FEDECC6D-F643-4712-B3AF-7C0F27AF8D52} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job => C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-05 09:36 - 2014-07-30 13:22 - 00536576 _____ () C:\Users\Josef\AppData\Roaming\Hub Timer\hub.exe
2011-06-29 09:13 - 2010-04-05 21:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-05 09:36 - 2014-08-05 09:36 - 00374272 _____ () C:\Users\Josef\AppData\Roaming\Hub Timer\sub\default.dll
2010-05-24 17:16 - 2010-05-24 17:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-24 17:09 - 2010-05-24 17:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-02-23 05:04 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-08-06 17:15 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Gast\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2011-12-07 20:36 - 2009-10-06 15:36 - 00205312 _____ () C:\Program Files (x86)\StarMoney 7.0\ouservice\PATCHW32.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-03-02 12:40 - 2009-12-24 03:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-19 16:21 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Josef\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-06-18 18:27 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-03 11:02 - 2013-08-18 15:36 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll
2014-08-13 21:12 - 2014-08-13 21:12 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Josef\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13223783
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13223783
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569
Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569
Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/22/2014 09:56:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SoftonicDownloader_fuer_gadwin-printscreen.exe, Version 1.41.3.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1190
Startzeit: 01cfbdde609dcfab
Endzeit: 3
Anwendungspfad: C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exe
Berichts-ID: de235809-29d1-11e4-9fc2-705ab6c9791b
Error: (08/22/2014 09:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SoftonicDownloader_fuer_gadwin-printscreen.exe, Version 1.41.3.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1614
Startzeit: 01cfbddd0d81dc5f
Endzeit: 5
Anwendungspfad: C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exe
Berichts-ID: 96d4f58b-29d0-11e4-9fc2-705ab6c9791b
Error: (08/21/2014 10:00:51 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (08/20/2014 08:54:46 PM) (Source: BackItUp5) (EventID: 3374) (User: )
Description: Backup process failed.
System errors:
=============
Error: (08/23/2014 03:18:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ACLE6Live
Error: (08/23/2014 03:17:10 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)
Error: (08/23/2014 03:09:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ACLE6Live
Error: (08/23/2014 03:09:29 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)
Error: (08/23/2014 03:08:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (08/23/2014 03:08:34 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)
Error: (08/23/2014 02:09:04 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)
Error: (08/23/2014 02:08:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ACLE6Live
Error: (08/23/2014 02:08:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (08/23/2014 02:08:02 PM) (Source: DCOM) (EventID: 10016) (User: KurtMarko-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}KurtMarko-PCGastS-1-5-21-2182236534-1472095680-3225034628-501LocalHost (unter Verwendung von LRPC)
Microsoft Office Sessions:
=========================
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13223783
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13223783
Error: (08/23/2014 01:50:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569
Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569
Error: (08/22/2014 10:21:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/22/2014 09:56:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftonicDownloader_fuer_gadwin-printscreen.exe1.41.3.9119001cfbdde609dcfab3C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exede235809-29d1-11e4-9fc2-705ab6c9791b
Error: (08/22/2014 09:47:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SoftonicDownloader_fuer_gadwin-printscreen.exe1.41.3.9161401cfbddd0d81dc5f5C:\Users\Gast\Downloads\SoftonicDownloader_fuer_gadwin-printscreen.exe96d4f58b-29d0-11e4-9fc2-705ab6c9791b
Error: (08/21/2014 10:00:51 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.InvalidOperationException: Die Sequenz enthält keine Elemente.
bei System.Linq.Enumerable.First[TSource](IEnumerable`1 source)
bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(String extensionId)
bei System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
bei Avira.OE.BrowserExtensionConnector.FirefoxProductInfo.ExtensionIsInstalled(List`1 extensionIds)
bei Avira.OE.BrowserExtensionConnector.ExtensionStatusMonitor.StartWatching(TimeSpan timeSpan)
bei Avira.OE.BrowserExtensionConnector.AviraBrowserSafetyStatusConnector.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (08/20/2014 08:54:46 PM) (Source: BackItUp5) (EventID: 3374) (User: )
Description: Sicherung ist fehlgeschlagen.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 48%
Total physical RAM: 3958.78 MB
Available physical RAM: 2036.38 MB
Total Pagefile: 7915.73 MB
Available Pagefile: 5613.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:404.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F3F55134)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
25.08.2014, 11:28
| #5 |
| /// the machine /// TB-Ausbilder | Windows 7: 30 Funde mbam, 2 Funde avira Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.08.2014, 14:53
| #6 |
| | Windows 7: 30 Funde mbam, 2 Funde avira Beim ersten ausführen des Programms traten am Ende nach bzw. beim "löschen" Probleme auf und das Programm musste geschlossen werden. Hab es dann nochmal ausgeführt und dann lief es sauber durch. Der logfile ist vom 2. Durchlauf. Beim 1. gab es keinen. Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 25/08/2014 um 15:28:16
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Josef - KURTMARKO-PC
# Gestartet von : C:\Users\Josef\Downloads\adwcleaner_3.308.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : HubService
Dienst Gelöscht : SProtection
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Common Files\IMGUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Users\Josef\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\Hub Timer
Ordner Gelöscht : C:\Users\Josef\AppData\Roaming\Security Systems
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gelöscht : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_602798\user.js
Datei Gelöscht : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\user.js
***** [ Tasks ] *****
Task Gelöscht : Freemium1ClickMaint
Task Gelöscht : Software Updater Ui
Task Gelöscht : Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6F7E26D7-C6AD-49BE-B48E-A5FCEE221C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B21E5B2D-2AF6-4182-9E8E-1FF00EE3EFD0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\IMGUPDATER
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Umbrella
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\6e64ht3s.default\prefs.js ]
Zeile gelöscht : user_pref("iminent.BirthDate", "1408693691");
Zeile gelöscht : user_pref("iminent.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
Zeile gelöscht : user_pref("iminent.adapters", "{\"www.google.de\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"google\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1408693804993864[...]
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.newtabredirect", "false");
Zeile gelöscht : user_pref("iminent.nomsi", "true");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1408711551405");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1408693807057");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1408711634576");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1408711634295");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent112", "1408711636750");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1408711634859");
Zeile gelöscht : user_pref("iminent.searchindex", "1");
Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Zeile gelöscht : user_pref("iminent.version", "8.33.3.1");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.33.3.1\",\"InstallEventCTime\":1408693802204,\"InstallEvent\":\"True\"}");
[ Datei : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_602798\prefs.js ]
[ Datei : C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\prefs.js ]
Zeile gelöscht : user_pref("iminent.BirthDate", "1408693691");
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.enabledAds", "false");
Zeile gelöscht : user_pref("iminent.newtabredirect", "false");
Zeile gelöscht : user_pref("iminent.nomsi", "true");
Zeile gelöscht : user_pref("iminent.searchindex", "1");
[ Datei : C:\Users\Kurt Marko\AppData\Roaming\Mozilla\Firefox\Profiles\5vub7u1w.default\prefs.js ]
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.BirthDate", "1408693691");
Zeile gelöscht : user_pref("iminent.searchindex", "1");
Zeile gelöscht : user_pref("iminent.newtabredirect", "false");
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.nomsi", "true");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [23404 octets] - [23/09/2013 09:33:35]
AdwCleaner[R1].txt - [8474 octets] - [25/08/2014 15:22:07]
AdwCleaner[R2].txt - [8560 octets] - [25/08/2014 15:27:14]
AdwCleaner[S0].txt - [22496 octets] - [23/09/2013 09:35:07]
AdwCleaner[S1].txt - [358 octets] - [25/08/2014 15:26:08]
AdwCleaner[S2].txt - [8348 octets] - [25/08/2014 15:28:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8408 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Josef on 25.08.2014 at 15:37:21,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Successfully deleted the following from C:\Users\Josef\AppData\Roaming\mozilla\firefox\profiles\zm0ohrbj.default-1378816091927\prefs.js
user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
user_pref("extensions.AVIRA-V7.hpr_ff", "\"hxxp://avira.search.ask.com/?p2=%5EB0Q%5EYYYYYY%5EZF%5EDE&gct=hp&o=APN11074&apn_ptnrs=%5EB0Q&apn_dtid=%5EYYYYYY%5EZF%5EDE&tpid=AVIRA
Emptied folder: C:\Users\Josef\AppData\Roaming\mozilla\firefox\profiles\zm0ohrbj.default-1378816091927\minidumps [113 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2014 at 15:44:20,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Josef (administrator) on KURTMARKO-PC on 25-08-2014 15:47:01
Running from C:\Users\Josef\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:39 - 2014-08-23 16:40 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:27 - 2014-08-23 15:28 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-25 15:47 - 00022828 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-23 16:39 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-23 16:39 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-25 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 15:48 - 2014-08-23 15:25 - 00022828 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-25 15:47 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:39 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 15:39 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:32 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 15:30 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 15:29 - 2013-09-09 22:49 - 00046051 _____ () C:\Windows\setupact.log
2014-08-25 15:29 - 2013-09-09 22:48 - 00265620 _____ () C:\Windows\PFRO.log
2014-08-25 15:29 - 2011-09-23 19:10 - 02455650 _____ () C:\Windows\system32\oodbs.lor
2014-08-25 15:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 15:28 - 2013-09-23 09:26 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:28 - 2011-07-15 23:45 - 01456006 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 15:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 14:52 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-25 14:52 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-25 10:50 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-25 10:02 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-24 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-24 18:49 - 2012-08-31 08:19 - 00000000 ____D () C:\Users\Josef\ASB
2014-08-23 18:50 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:40 - 2014-08-23 16:39 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:39 - 2014-08-06 10:08 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-23 16:39 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:28 - 2014-08-23 15:27 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 11:25 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-20 11:25 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-20 11:25 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael
Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe
C:\Users\Josef\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 12:03
==================== End Of Log ============================
--- --- --- Wie gehe ich am besten vor um antivira freeware zu löschen und danach gekaufte nortan antivir security zu installieren? Computer sollte vorher virenfrei sein, denn ich habe ne kostenlose Virenbeseitigung von norten mit dazu bekommen wenn sich nach Installation ein Virenbefall ereignet. |
|
26.08.2014, 06:24
| #7 |
| /// the machine /// TB-Ausbilder | Windows 7: 30 Funde mbam, 2 Funde aviraESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.08.2014, 17:49
| #8 |
| | Windows 7: 30 Funde mbam, 2 Funde aviraCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2a66c93130cc70478ab16be3c13b78ca
# engine=16787
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-24 05:46:46
# local_time=2014-01-24 06:46:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 22523 11420493 15296 0
# compatibility_mode=5893 16776574 100 94 17015715 142215456 0 0
# scanned=295752
# found=0
# cleaned=0
# scan_time=8546
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2a66c93130cc70478ab16be3c13b78ca
# engine=16787
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-26 11:37:56
# local_time=2014-08-26 01:37:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 14321 29887866 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35483185 160682926 0 0
# scanned=381574
# found=9
# cleaned=0
# scan_time=13035
sh=2A88FC6509FDC3B22587F6E97AC12F70E4F75DC8 ft=1 fh=86e0df17c19558fd vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=F2CFD9E6717ED73F51E976B3957C81DD518C5603 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.0_AVIRA-V7.msi"
sh=5E12FDAD3FCC3D96C1018E2D2F7A7F9F0B3F0633 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.4.0_AVIRA-V7.msi"
sh=F4B0FF4B42F223CF8338684906BCFFAD9AA2710E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.6.0_AVIRA-V7.msi"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=BC92C9C2C5F5FB9F2A3EF098443FEFD86D80064F ft=1 fh=62d1cfbd545f317d vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="G:\Dateien ASB Computer Seminararbeit\Eigene Dateien\Downloads\avira_free_antivirus_de.exe"
sh=D789BB47A683C7168A58D18ABF52974ECF468301 ft=1 fh=9148df94f4fc16fc vn="Variante von Win32/MediaGet evtl. unerwünschte Anwendung" ac=I fn="G:\lwc\Tools\AcrobatReader9\Adobe_Community_Help_3.5.0_mediaget.exe"
sh=E430FF22D842E9940E97BBE95A51A28E131E45B3 ft=1 fh=cac44e7cc296e6b3 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="G:\lwc\Tools\FreeVideoConverter\Setup_FreeVideoConverter.exe"
sh=10E39108C28FABDB8E01B85B789C31A06FE8D033 ft=1 fh=16220121e2f61614 vn="Mehrere Bedrohungen" ac=I fn="G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.7011)
Java 7 Update 67
Java 3D 1.5.1
Adobe Flash Player 14.0.0.179
Adobe Reader XI
Mozilla Firefox (31.0)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
StarMoney 7.0 ouservice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Josef (administrator) on KURTMARKO-PC on 26-08-2014 14:00:50
Running from C:\Users\Josef\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Josef\Downloads\FRST64(2).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3993416 2011-10-04] (O&O Software GmbH)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-2182236534-1472095680-3225034628-1008\...\MountPoints2: {0ae5441f-fc62-11e2-868e-705ab6c9791b} - E:\install.bat
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kurt Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510j725l0474z145t5562k54n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: No Name -> {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} -> C:\Users\Josef\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Josef\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Foxy Secure 7 - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\connect@foxy-sec.com [2014-08-05]
FF Extension: Iminent - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\firefoxmini@go.im.xpi [2014-08-22]
FF Extension: CookieCuller - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-01-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-03]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ArchiCrypt Sichere Loeschzonen; C:\Program Files (x86)\ArchiCrypt\ArchiCrypt Shredder 5\ArchiCryptInjector64.exe [312032 2010-05-04] (Softwareentwicklung Remus - ArchiCrypt)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2404864 2011-03-24] (Deutsche Telekom AG) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3271496 2011-10-04] (O&O Software GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 ACLE6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R1 ACLN6Live; C:\Windows\system32\Drivers\ACLE1764.sys [108800 2011-01-05] (Softwareentwicklung Remus - ArchiCrypt - )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-01-26] ()
S3 Mass_Storage_Filter; C:\Windows\System32\DRIVERS\Mass_Storage_Filter.sys [13336 2012-07-23] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2009-10-19] (SCM Microsystems Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-09-13] (Duplex Secure Ltd.)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-26 14:00 - 2014-08-26 14:00 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(2).exe
2014-08-26 13:51 - 2014-08-26 13:52 - 00854417 _____ () C:\Users\Josef\Desktop\SecurityCheck.exe
2014-08-26 09:57 - 2014-08-26 09:57 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_deu.exe
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:39 - 2014-08-23 16:40 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:27 - 2014-08-23 15:28 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-26 14:00 - 00022797 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:12 - 2014-08-23 15:13 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 10:16 - 2014-08-22 10:19 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 10:12 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:47 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2014-08-14 14:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 22:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 21:28 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 21:28 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 21:28 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 21:28 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 21:28 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 21:28 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 21:28 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 21:28 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 21:28 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:28 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 21:28 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 21:28 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:28 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:28 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:28 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:28 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:28 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 21:28 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 21:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 21:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 21:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 21:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 21:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 21:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 21:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 21:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 21:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 21:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 21:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 21:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 21:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 21:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 21:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 21:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 21:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 21:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 21:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 21:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 21:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 21:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 21:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 10:08 - 2014-08-23 16:39 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:08 - 2014-08-23 16:39 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 10:08 - 2014-08-06 10:09 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2014-08-22 19:24 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-25 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:30 - 2014-08-05 09:33 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 19:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 19:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 19:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 19:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 19:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:12 - 2014-07-29 20:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-26 14:01 - 2014-08-23 15:25 - 00022797 _____ () C:\Users\Josef\Downloads\FRST.txt
2014-08-26 14:01 - 2012-06-03 21:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 14:00 - 2014-08-26 14:00 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(2).exe
2014-08-26 14:00 - 2014-01-23 11:00 - 00000000 ____D () C:\FRST
2014-08-26 13:52 - 2014-08-26 13:51 - 00854417 _____ () C:\Users\Josef\Desktop\SecurityCheck.exe
2014-08-26 13:49 - 2012-05-08 20:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 11:15 - 2012-06-04 16:54 - 00004186 _____ () C:\Windows\System32\Tasks\Josef Local Autobackup 5 4
2014-08-26 11:04 - 2012-06-03 13:14 - 00001138 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008UA.job
2014-08-26 10:01 - 2012-06-03 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 09:59 - 2010-03-25 05:51 - 00770060 _____ () C:\Windows\system32\perfh007.dat
2014-08-26 09:59 - 2010-03-25 05:51 - 00174240 _____ () C:\Windows\system32\perfc007.dat
2014-08-26 09:59 - 2009-07-14 07:13 - 01796562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 09:57 - 2014-08-26 09:57 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_deu.exe
2014-08-26 09:42 - 2013-01-26 19:54 - 00003494 _____ () C:\Windows\System32\Tasks\Josef NBAgent 5 4
2014-08-26 09:41 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:41 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:39 - 2011-07-15 23:45 - 01483001 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 09:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 09:31 - 2013-09-09 22:49 - 00046163 _____ () C:\Windows\setupact.log
2014-08-26 09:31 - 2011-09-23 19:10 - 02458200 _____ () C:\Windows\system32\oodbs.lor
2014-08-25 20:04 - 2012-06-03 13:14 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2182236534-1472095680-3225034628-1008Core.job
2014-08-25 20:03 - 2009-07-14 06:45 - 00458816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 15:46 - 2014-08-25 15:46 - 02103296 _____ (Farbar) C:\Users\Josef\Downloads\FRST64(1).exe
2014-08-25 15:44 - 2014-08-25 15:44 - 00001610 _____ () C:\Users\Josef\Desktop\JRT.txt
2014-08-25 15:36 - 2014-08-25 15:36 - 01016261 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-08-25 15:29 - 2013-09-09 22:48 - 00265620 _____ () C:\Windows\PFRO.log
2014-08-25 15:28 - 2013-09-23 09:26 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:21 - 2014-08-25 15:21 - 01364531 _____ () C:\Users\Josef\Downloads\adwcleaner_3.308.exe
2014-08-25 10:50 - 2014-08-25 10:50 - 00002426 _____ () C:\Users\Public\Desktop\Aiseesoft PDF to Word Converter.lnk
2014-08-25 10:50 - 2014-08-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2014-08-24 18:49 - 2012-08-31 08:19 - 00000000 ____D () C:\Users\Josef\ASB
2014-08-23 18:50 - 2014-04-03 08:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 18:44 - 2014-08-23 18:44 - 00010908 _____ () C:\Users\Josef\Desktop\gmer.txt
2014-08-23 16:40 - 2014-08-23 16:39 - 00292104 _____ () C:\Windows\Minidump\082314-25708-01.dmp
2014-08-23 16:39 - 2014-08-06 10:08 - 815111471 _____ () C:\Windows\MEMORY.DMP
2014-08-23 16:39 - 2014-08-06 10:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 16:02 - 2014-08-23 16:02 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357(1).exe
2014-08-23 15:30 - 2014-08-23 15:30 - 00380416 _____ () C:\Users\Josef\Downloads\Gmer-19357.exe
2014-08-23 15:28 - 2014-08-23 15:27 - 00054110 _____ () C:\Users\Josef\Downloads\Addition.txt
2014-08-23 15:25 - 2014-08-23 15:25 - 02102784 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00050477 _____ () C:\Users\Josef\Downloads\Defogger.exe
2014-08-23 15:23 - 2014-08-23 15:23 - 00000524 _____ () C:\Users\Josef\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000598 _____ () C:\Users\Gast\Downloads\defogger_disable.log
2014-08-23 15:14 - 2014-08-23 15:14 - 00000020 _____ () C:\Users\Josef\defogger_reenable
2014-08-23 15:14 - 2012-05-15 15:04 - 00000000 ____D () C:\Users\Josef
2014-08-23 15:13 - 2014-08-23 15:12 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-08-22 19:24 - 2014-08-06 09:26 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-22 19:24 - 2014-06-02 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-22 19:24 - 2013-09-14 15:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-22 10:19 - 2014-08-22 10:16 - 00000000 ____D () C:\Users\Gast\Documents\PrintScreen Files
2014-08-22 10:12 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\Documents\PrintScreen Files
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Kurt Marko\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Josef\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00001224 _____ () C:\Users\Gast\Desktop\Gadwin PrintScreen.lnk
2014-08-22 09:57 - 2014-08-22 09:47 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:55 - 2014-08-22 09:55 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup[1].exe
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-08-22 09:47 - 2014-08-22 09:47 - 00000000 ____D () C:\Program Files (x86)\Gadwin Systems
2014-08-22 09:46 - 2014-08-22 09:46 - 02885296 _____ () C:\Users\Josef\Desktop\PrintScreen46_Setup.exe
2014-08-20 15:29 - 2014-08-20 15:29 - 00000369 _____ () C:\Users\Josef\Downloads\426_1.vcf
2014-08-20 09:28 - 2012-05-15 15:08 - 00000000 ____D () C:\Users\Josef\Valentin
2014-08-20 07:38 - 2014-08-20 07:38 - 00000000 ____D () C:\Users\Josef\AppData\Local\Adobe
2014-08-17 12:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 10:49 - 2014-08-17 10:49 - 00448512 _____ (OldTimer Tools) C:\Users\Gast\Downloads\TFC(3).exe
2014-08-14 14:24 - 2014-08-14 14:24 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Oracle
2014-08-14 14:23 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 14:22 - 2014-08-14 14:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 14:22 - 2014-08-14 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 14:22 - 2014-08-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 11:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:51 - 2014-05-01 14:26 - 00000000 ____D () C:\Users\Gast
2014-08-14 06:51 - 2011-06-22 21:38 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-14 06:51 - 2011-03-21 14:14 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-14 06:51 - 2010-05-10 15:05 - 00000000 ____D () C:\Users\Kurt Marko
2014-08-14 06:51 - 2010-03-25 05:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-08-14 06:51 - 2009-07-14 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 06:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 06:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-13 23:07 - 2010-03-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:59 - 2013-08-14 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:51 - 2010-05-10 21:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:43 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 21:12 - 2012-05-08 20:56 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 21:12 - 2012-05-08 20:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 21:12 - 2011-06-22 12:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-07 04:06 - 2014-08-13 21:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 21:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:09 - 2014-08-06 10:08 - 00292152 _____ () C:\Windows\Minidump\080614-31340-01.dmp
2014-08-06 09:26 - 2013-09-14 14:24 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:43 - 2014-08-05 09:43 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\Documents\Aiseesoft Studio
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 ____D () C:\Users\Josef\AppData\Local\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\ProgramData\Aiseesoft Studio
2014-08-05 09:34 - 2014-08-05 09:34 - 00000000 ____D () C:\Program Files (x86)\Aiseesoft Studio
2014-08-05 09:33 - 2014-08-05 09:30 - 346485032 _____ ( ) C:\Users\Josef\Desktop\pdf-to-word-converter.exe
2014-08-05 09:04 - 2011-06-29 09:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-01 01:41 - 2014-08-13 21:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 21:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:37 - 2014-07-30 19:37 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla Firefox
2014-07-29 20:13 - 2014-07-29 20:13 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-29 20:13 - 2014-07-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-29 20:13 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-29 20:12 - 2014-07-29 20:12 - 00000000 ____D () C:\Program Files\iPod
2014-07-27 20:15 - 2014-07-27 20:15 - 00448512 _____ (OldTimer Tools) C:\Users\Josef\Downloads\TFC.exe
2014-07-27 16:36 - 2012-05-15 16:17 - 00000000 ____D () C:\Users\Josef\Michael
Files to move or delete:
====================
C:\Users\Josef\ccsetup405_slim_4.05.exe
C:\Users\Josef\GoogleEarthSetup.exe
C:\Users\Josef\JRT.exe
C:\Users\Josef\mbam-setup-1.75.0.1300.exe
C:\Users\Josef\vlc-2.0.8_win32.exe
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\avgnt.exe
C:\Users\Josef\AppData\Local\Temp\IminentSetup_july17.exe
C:\Users\Josef\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 12:03
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- mbam schlägt noch alarm... Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.08.2014 Suchlauf-Zeit: 14:04:41 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.26.01 Rootkit Datenbank: v2014.08.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Josef Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 471163 Verstrichene Zeit: 27 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 6 PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, , [039601c86b109a9ca8a4624955ad2dd3], PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, , [039601c86b109a9ca8a4624955ad2dd3], PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, , [861307c2ef8c1125370aa1623fc4fc04], PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, , [5544f4d5a7d4b87ea4de44d43cc7b24e], PUP.Optional.Iminent.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, , [4554efda9be0053162dfa65d0cf76d93], PUP.Optional.Softonic.A, HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [d5c419b0423956e0fdb1808625de9868], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 2 PUP.Optional.Iminent.A, C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\extensions\firefoxmini@go.im.xpi, , [7227cffadd9e42f474de5099c33fcb35], PUP.Optional.Iminent.A, C:\Users\Kurt Marko\AppData\Roaming\Mozilla\Firefox\Profiles\5vub7u1w.default\extensions\firefoxmini@go.im.xpi, , [aeebcbfe90ebbd794f038168976bea16], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/08/26 14:04:41 +0200</date>
<logfile>mbam-log-2014-08-26 (14-04-36).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.26.01</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Josef</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>471163</objects>
<time>1620</time>
<processes>0</processes>
<modules>0</modules>
<keys>6</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>039601c86b109a9ca8a4624955ad2dd3</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>039601c86b109a9ca8a4624955ad2dd3</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>861307c2ef8c1125370aa1623fc4fc04</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>5544f4d5a7d4b87ea4de44d43cc7b24e</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>delete-on-reboot</action><hash>4554efda9be0053162dfa65d0cf76d93</hash></key>
<key><path>HKU\S-1-5-21-2182236534-1472095680-3225034628-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>delete-on-reboot</action><hash>d5c419b0423956e0fdb1808625de9868</hash></key>
<file><path>C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\zm0ohrbj.default-1378816091927\extensions\firefoxmini@go.im.xpi</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>7227cffadd9e42f474de5099c33fcb35</hash></file>
<file><path>C:\Users\Kurt Marko\AppData\Roaming\Mozilla\Firefox\Profiles\5vub7u1w.default\extensions\firefoxmini@go.im.xpi</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>aeebcbfe90ebbd794f038168976bea16</hash></file>
</items>
</mbam-log>
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 26. August 2014 14:54
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KURTMARKO-PC
Versionsinformationen:
BUILD.DAT : 14.0.6.552 92022 Bytes 23.07.2014 13:29:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 06.08.2014 07:07:06
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 06.08.2014 07:07:06
LUKE.DLL : 14.0.6.522 57936 Bytes 06.08.2014 07:07:27
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 06.08.2014 07:07:07
AVREG.DLL : 14.0.6.522 262224 Bytes 06.08.2014 07:07:04
avlode.dll : 14.0.6.526 603728 Bytes 06.08.2014 07:07:03
avlode.rdf : 14.0.4.42 65114 Bytes 17.07.2014 21:49:01
XBV00009.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:06
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:45:07
XBV00093.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00094.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00095.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00096.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00097.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00098.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00099.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00100.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00101.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00102.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00103.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00104.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00105.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00106.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00107.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00108.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00109.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00110.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00111.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00112.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00113.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00114.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00115.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00116.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00117.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00118.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:16
XBV00119.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00120.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00121.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00122.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00123.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00124.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00125.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00126.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00127.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00128.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00129.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00130.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00131.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00132.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00133.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00134.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00135.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00136.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00137.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00138.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00139.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00140.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00141.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00142.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00143.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00144.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00145.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00146.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00147.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00148.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00149.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00150.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:17
XBV00151.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00152.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00153.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00154.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00155.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00156.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00157.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00158.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00159.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00160.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00161.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00162.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00163.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00164.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00165.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00166.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00167.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00168.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00169.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00170.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00171.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00172.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00173.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00174.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00175.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00176.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00177.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00178.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00179.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00180.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00181.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00182.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00183.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:18
XBV00184.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00185.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00186.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00187.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00188.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00189.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00190.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00191.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00192.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00193.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00194.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00195.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00196.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00197.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00198.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00199.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00200.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00201.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00202.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00203.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00204.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00205.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00206.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00207.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00208.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00209.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00210.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00211.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00212.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00213.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00214.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:19
XBV00215.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00216.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00217.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00218.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00219.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00220.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00221.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00222.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00223.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00224.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00225.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00226.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00227.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00228.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00229.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00230.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00231.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00232.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00233.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00234.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00235.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00236.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00237.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00238.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00239.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00240.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00241.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00242.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00243.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00244.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00245.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:20
XBV00246.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00247.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00248.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00249.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00250.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00251.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00252.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00253.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00254.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00255.VDF : 8.11.167.234 2048 Bytes 19.08.2014 12:10:21
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 13:26:19
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:26:22
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:26:24
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:26:26
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:26:29
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 13:26:35
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 17:17:02
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 17:07:42
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 13:45:06
XBV00042.VDF : 8.11.167.234 1073152 Bytes 19.08.2014 12:10:14
XBV00043.VDF : 8.11.167.236 3584 Bytes 19.08.2014 12:10:14
XBV00044.VDF : 8.11.167.238 17408 Bytes 19.08.2014 18:10:12
XBV00045.VDF : 8.11.167.242 7168 Bytes 19.08.2014 18:10:12
XBV00046.VDF : 8.11.167.248 2048 Bytes 19.08.2014 18:10:12
XBV00047.VDF : 8.11.168.26 19968 Bytes 19.08.2014 18:10:12
XBV00048.VDF : 8.11.168.44 10240 Bytes 19.08.2014 11:52:32
XBV00049.VDF : 8.11.168.60 2048 Bytes 19.08.2014 11:52:32
XBV00050.VDF : 8.11.168.78 27136 Bytes 20.08.2014 11:52:32
XBV00051.VDF : 8.11.168.80 2048 Bytes 20.08.2014 11:52:32
XBV00052.VDF : 8.11.168.98 15360 Bytes 20.08.2014 17:51:30
XBV00053.VDF : 8.11.168.100 2048 Bytes 20.08.2014 17:51:30
XBV00054.VDF : 8.11.168.116 28160 Bytes 20.08.2014 06:27:29
XBV00055.VDF : 8.11.168.118 9216 Bytes 20.08.2014 06:27:30
XBV00056.VDF : 8.11.168.120 4096 Bytes 20.08.2014 06:27:30
XBV00057.VDF : 8.11.168.124 12800 Bytes 21.08.2014 06:27:30
XBV00058.VDF : 8.11.168.126 25088 Bytes 21.08.2014 14:36:23
XBV00059.VDF : 8.11.168.132 33280 Bytes 21.08.2014 06:38:11
XBV00060.VDF : 8.11.168.134 2048 Bytes 21.08.2014 06:38:11
XBV00061.VDF : 8.11.168.138 11776 Bytes 21.08.2014 06:38:11
XBV00062.VDF : 8.11.168.140 3584 Bytes 21.08.2014 06:38:11
XBV00063.VDF : 8.11.168.158 3584 Bytes 22.08.2014 12:38:26
XBV00064.VDF : 8.11.168.174 2048 Bytes 22.08.2014 12:38:26
XBV00065.VDF : 8.11.168.180 5120 Bytes 22.08.2014 12:38:26
XBV00066.VDF : 8.11.168.220 7168 Bytes 22.08.2014 12:38:26
XBV00067.VDF : 8.11.168.222 20480 Bytes 22.08.2014 19:50:59
XBV00068.VDF : 8.11.168.226 17920 Bytes 22.08.2014 19:50:59
XBV00069.VDF : 8.11.168.230 8704 Bytes 22.08.2014 07:40:00
XBV00070.VDF : 8.11.168.234 4608 Bytes 23.08.2014 19:38:57
XBV00071.VDF : 8.11.168.236 4608 Bytes 23.08.2014 19:38:57
XBV00072.VDF : 8.11.168.238 4608 Bytes 23.08.2014 19:38:57
XBV00073.VDF : 8.11.168.240 37376 Bytes 23.08.2014 19:38:57
XBV00074.VDF : 8.11.168.242 2048 Bytes 23.08.2014 19:38:57
XBV00075.VDF : 8.11.168.244 38400 Bytes 24.08.2014 14:57:11
XBV00076.VDF : 8.11.168.246 2048 Bytes 24.08.2014 14:57:11
XBV00077.VDF : 8.11.168.248 14848 Bytes 24.08.2014 14:57:11
XBV00078.VDF : 8.11.168.252 2048 Bytes 24.08.2014 14:57:12
XBV00079.VDF : 8.11.168.254 24576 Bytes 24.08.2014 14:57:12
XBV00080.VDF : 8.11.169.2 2048 Bytes 24.08.2014 07:58:47
XBV00081.VDF : 8.11.169.4 22528 Bytes 25.08.2014 07:58:47
XBV00082.VDF : 8.11.169.20 6656 Bytes 25.08.2014 07:58:47
XBV00083.VDF : 8.11.169.36 4608 Bytes 25.08.2014 13:57:54
XBV00084.VDF : 8.11.169.38 11264 Bytes 25.08.2014 13:57:54
XBV00085.VDF : 8.11.169.40 2048 Bytes 25.08.2014 13:57:54
XBV00086.VDF : 8.11.169.54 8192 Bytes 25.08.2014 13:57:54
XBV00087.VDF : 8.11.169.62 28672 Bytes 25.08.2014 19:57:53
XBV00088.VDF : 8.11.169.66 14336 Bytes 25.08.2014 07:38:20
XBV00089.VDF : 8.11.169.68 3584 Bytes 25.08.2014 07:38:20
XBV00090.VDF : 8.11.169.72 15872 Bytes 26.08.2014 07:38:20
XBV00091.VDF : 8.11.169.74 6144 Bytes 26.08.2014 07:38:20
XBV00092.VDF : 8.11.169.76 12288 Bytes 26.08.2014 07:38:20
LOCAL001.VDF : 8.11.169.76 109282304 Bytes 26.08.2014 07:38:40
Engineversion : 8.3.24.18
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 17:51:30
AESCRIPT.DLL : 8.2.0.18 437104 Bytes 22.08.2014 12:38:26
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 13:38:59
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 17:18:01
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 14:05:13
AEPACK.DLL : 8.4.0.50 792488 Bytes 07.08.2014 13:45:03
AEOFFICE.DLL : 8.3.0.20 216104 Bytes 14.08.2014 16:00:51
AEHEUR.DLL : 8.1.4.1240 7433072 Bytes 22.08.2014 12:38:26
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 16:53:50
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 18:33:43
AEEXP.DLL : 8.4.2.30 247712 Bytes 22.08.2014 12:38:26
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 13:45:01
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 16:55:07
AECORE.DLL : 8.3.2.6 243712 Bytes 07.08.2014 13:45:01
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 13:45:01
AVWINLL.DLL : 14.0.6.522 24144 Bytes 06.08.2014 07:07:01
AVPREF.DLL : 14.0.6.522 50256 Bytes 06.08.2014 07:07:04
AVREP.DLL : 14.0.6.522 219216 Bytes 06.08.2014 07:07:04
AVARKT.DLL : 14.0.5.368 226384 Bytes 01.07.2014 12:04:40
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 06.08.2014 07:07:02
SQLITE3.DLL : 14.0.6.522 452176 Bytes 06.08.2014 07:07:29
AVSMTP.DLL : 14.0.6.522 76368 Bytes 06.08.2014 07:07:07
NETNT.DLL : 14.0.6.522 13392 Bytes 06.08.2014 07:07:27
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 06.08.2014 07:07:01
RCTEXT.DLL : 14.0.6.536 74320 Bytes 06.08.2014 07:07:01
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, G:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 26. August 2014 14:54
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'HDD1(E:)'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'HDD3(G:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArchiCryptInjector64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFReaderDriverService3x64.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'sua.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '199' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'itype.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodtray.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'PrintScreen.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'splwow64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'MMDx64Fx.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBAgent.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '27694' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>
Beginne mit der Suche in 'E:\'
Beginne mit der Suche in 'G:\' <Iomega_Ext_Drive>
[0] Archivtyp: OVL
--> C:\Program Files\Vodafone SmartTabII10\usb\amd64\winusbcoinstaller2.dll
[1] Archivtyp: RSRC
--> C:\Program Files\Vodafone SmartTabII10\usb\amd64\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\Program Files\Vodafone SmartTabII10\usb\i386\winusbcoinstaller2.dll
[3] Archivtyp: RSRC
--> C:\Program Files\Vodafone SmartTabII10\usb\i386\WUDFUpdate_01009.dll
[4] Archivtyp: RSRC
--> C:\Program Files (x86)\EgisTec\MyWinLocker 3\HTCA_SelfExtract.bin
[5] Archivtyp: OVL
--> C:\Users\Josef\Downloads\jxpiinstall.exe
[6] Archivtyp: Runtime Packed
--> C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_d3c24ca91a346bfa\amd64\WinUSBCoInstaller2.dll
[7] Archivtyp: RSRC
--> G:\lwc\Tools\ACLiveSE\ACLive\Update V 3.3.2\Live_Vollversion.zip
[8] Archivtyp: ZIP
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen9
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
G:\lwc\Tools\ACLiveSE\ACLive\Update V 3.3.2\Live_Vollversion.zip
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen9
G:\lwc\Tools\AcrobatReader9\Adobe_Community_Help_3.5.0_mediaget.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Mediaget.EB.2
--> G:\lwc\Tools\Java\jxpiinstall.exe
[8] Archivtyp: Runtime Packed
--> G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe
[9] Archivtyp: Inno Setup
--> {tmp}\rkverify.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.axar
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> {tmp}\rkinstall.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.P
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.P
Beginne mit der Desinfektion:
G:\lwc\Tools\PinacleTV\setup_christv_5_30_lite.exe
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Relevant.P
[WARNUNG] Die Datei wurde ignoriert.
G:\lwc\Tools\AcrobatReader9\Adobe_Community_Help_3.5.0_mediaget.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Mediaget.EB.2
[WARNUNG] Die Datei wurde ignoriert.
G:\lwc\Tools\ACLiveSE\ACLive\Update V 3.3.2\Live_Vollversion.zip
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen9
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Dienstag, 26. August 2014 18:46
Benötigte Zeit: 3:51:55 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
59187 Verzeichnisse wurden überprüft
2501688 Dateien wurden geprüft
6 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2501682 Dateien ohne Befall
37310 Archive wurden durchsucht
6 Warnungen
0 Hinweise
1193539 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
27.08.2014, 14:22
| #9 |
| /// the machine /// TB-Ausbilder | Windows 7: 30 Funde mbam, 2 Funde avira Lass die Funde von MBAm löschen, kommen die dann wieder? Den Kram auf der Externen löschen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.08.2014, 10:17
| #10 |
| | Windows 7: 30 Funde mbam, 2 Funde avira schaut gut aus - mbam meldet keine Funde mehr! Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/08/28 08:45:57 +0200</date>
<logfile>mbam-log-2014-08-28 (08-45-44).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.27.08</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Josef</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>548299</objects>
<time>7788</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
|
|
29.08.2014, 07:57
| #11 |
| /// the machine /// TB-Ausbilder | Windows 7: 30 Funde mbam, 2 Funde avira Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.08.2014, 15:44
| #12 |
| | Windows 7: 30 Funde mbam, 2 Funde avira Ein rießen großes DANKESCHÖN !!!!!!!!!!!!!!! |
|
30.08.2014, 07:03
| #13 |
| /// the machine /// TB-Ausbilder | Windows 7: 30 Funde mbam, 2 Funde avira Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
