Banana Joe | 20.09.2013 21:21 | Win 7: "donedrive.net" makes windows and links appear
Hello everyone
I have a problem that Avira cannot detect, and by now it is worrying me a lot.
At first I thought they were ordinary ad windows that kept flashing up now and then. Over time there were more and more of them, and links (which actually weren't links at all) were highlighted on every website. The computer also got slower. Since I only realized late that it could also be a virus, I can no longer say when the whole thing started.
My antivirus program found nothing during a scan, so I searched the web for specialized antivirus programs that could solve my problem, but none of them could help me. Malwarebytes couldn't find anything either.
I don't know very much about computers. I hope you specialists can still help me step by step.
I have tried to prepare the logs you need.
I hope I did it correctly.
Thanks in advance for your help.
Regards
Joe
defogger_disable.txt: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:52 on 20/09/2013 (Joe)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
Ran by Joe (administrator) on JOE-HP on 20-09-2013 16:59:12
Running from C:\Users\Joe\Downloads
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DeviceVM, Inc.) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Zecter Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Somoto) C:\Users\Joe\AppData\Local\FilesFrog Update Checker\update_checker.exe
(Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe
() C:\Users\Joe\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(SafetyNut Inc.) C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe
(SafetyNut Inc.) C:\Program Files\Movies Toolbar\SafetyNut\safetynut.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1778984 2010-05-28] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2010-06-18] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-08-23] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-08] (Hewlett-Packard Company)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-22] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522232 2012-09-26] (Cisco Systems, Inc.)
HKLM\...\Runonce: [awch7zip54974] - [x]
HKLM\...\Runonce: [awch7zip54950] - [x]
HKCU\...\Run: [SDP] - C:\Users\Joe\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [AppsHat] - C:\Users\Joe\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions)
SearchScopes: HKLM - DefaultScope {0271F912-6E09-4C24-81FB-6E98DED09CCB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0271F912-6E09-4C24-81FB-6E98DED09CCB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {19665229-8012-4C06-BF40-6F2D0EBC7AF5} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {7BE4A1B5-25FC-4D87-9C85-D42D380D55CE} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - DefaultScope {0271F912-6E09-4C24-81FB-6E98DED09CCB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {0271F912-6E09-4C24-81FB-6E98DED09CCB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {19665229-8012-4C06-BF40-6F2D0EBC7AF5} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {7BE4A1B5-25FC-4D87-9C85-D42D380D55CE} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {FF8C0CB3-8A5C-47FB-AB86-0D039F2DB63F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10262&src=crm&q={searchTerms}&locale=de_CH&apn_ptnrs=^AGT&apn_dtid=^YYYYYY^YY^CH&apn_uid=B9FCB6EE-FA3E-4A61-B5DD-99FCD4CA58E2&apn_sauid=9B8B1706-2D73-4DAF-A1A3-CD9DC84F10D7
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Joe\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~1\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\dlx0hp9d.default
FF DefaultSearchEngine: Wikipedia (en)
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-105&v=n8883-111&t=4
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10262&locale=de_CH&apn_uid=B9FCB6EE-FA3E-4A61-B5DD-99FCD4CA58E2&apn_ptnrs=%5EAGT&apn_sauid=9B8B1706-2D73-4DAF-A1A3-CD9DC84F10D7&apn_dtid=%5EYYYYYY%5EYY%5ECH&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\dlx0hp9d.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
FF Extension: Movies Toolbar (Dist. by Somoto Ltd.) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\dlx0hp9d.default\Extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4}
FF Extension: AppsHat - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\dlx0hp9d.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: No Name - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
========================== Services (Whitelisted) =================
R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-07-20] (DeviceVM, Inc.)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-07-08] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3394056 2013-08-20] (SafetyNut Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-18] (IDT, Inc.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-09-26] (Cisco Systems, Inc.)
R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2013-04-22] (Wajam)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-09-26] (Cisco Systems, Inc.)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2010-06-17] (Alcor Micro, Corp.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-09-10] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-09-10] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-26] (Avira Operations GmbH & Co. KG)
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-06-10] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-19] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-20 16:59 - 2013-09-20 16:59 - 00000000 ____D C:\FRST
2013-09-20 16:56 - 2013-09-20 16:56 - 01083549 _____ (Farbar) C:\Users\Joe\Downloads\FRST.exe
2013-09-20 16:52 - 2013-09-20 16:53 - 00000468 _____ C:\Users\Joe\Downloads\defogger_disable.log
2013-09-20 16:52 - 2013-09-20 16:52 - 00000000 _____ C:\Users\Joe\defogger_reenable
2013-09-20 16:51 - 2013-09-20 16:51 - 00050477 _____ C:\Users\Joe\Downloads\Defogger.exe
2013-09-20 16:39 - 2013-09-20 16:39 - 00000000 ____D C:\ProgramData\Wincert
2013-09-20 16:38 - 2013-09-20 16:54 - 00000000 ____D C:\ProgramData\SafetyNut
2013-09-20 16:38 - 2013-09-20 16:38 - 00000000 ____D C:\Program Files\Movies Toolbar
2013-09-20 16:37 - 2013-09-20 16:37 - 00166600 _____ () C:\Users\Joe\Downloads\7ZipSetup(1).exe
2013-09-20 16:34 - 2013-09-20 16:34 - 00002058 _____ C:\Users\Joe\Desktop\AppsHat.lnk
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Users\Joe\AppData\Local\WebPlayer
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Users\Joe\AppData\Local\Minibar
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Program Files\Minibar
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Program Files\7-Zip
2013-09-20 16:33 - 2013-09-20 16:33 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-09-20 16:33 - 2013-09-20 16:33 - 00000000 ____D C:\Users\Joe\AppData\Local\Wajam
2013-09-20 16:33 - 2013-09-20 16:33 - 00000000 ____D C:\Program Files\Wajam
2013-09-20 16:32 - 2013-09-20 16:32 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-20 16:32 - 2013-09-20 16:32 - 00000000 ____D C:\Users\Joe\AppData\Local\FilesFrog Update Checker
2013-09-20 16:15 - 2013-09-20 16:15 - 00166600 _____ () C:\Users\Joe\Downloads\7ZipSetup.exe
2013-09-20 15:45 - 2013-09-20 15:45 - 98467286 _____ C:\Windows\system32\앶쮏ᩌa
2013-09-19 19:18 - 2013-09-19 19:18 - 00001984 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-09-18 12:05 - 2013-09-18 12:05 - 98123923 _____ C:\Windows\system32\泇ᩌ`
2013-09-17 16:43 - 2013-09-17 16:43 - 97949955 _____ C:\Windows\system32\ꍞ횇ᩌb
2013-09-17 00:58 - 2013-09-17 00:58 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Malwarebytes
2013-09-17 00:57 - 2013-09-17 00:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-17 00:57 - 2013-09-17 00:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 00:57 - 2013-09-17 00:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-17 00:57 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-17 00:52 - 2013-09-17 00:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-16 00:37 - 2013-09-16 00:37 - 97671483 _____ C:\Windows\system32\榟ᩌ`
2013-09-13 00:54 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 00:54 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 00:54 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 00:54 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 00:54 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 00:54 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 00:54 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 23:21 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:21 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 23:21 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 23:21 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 23:21 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 23:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 23:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 23:21 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 23:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 21:33 - 2013-09-12 21:33 - 97373152 _____ C:\Windows\system32\쌛㭦ᩌ`
2013-09-10 19:49 - 2013-09-10 19:49 - 96985259 _____ C:\Windows\system32\�줪ᩌi
2013-09-10 13:15 - 2013-09-10 13:10 - 00113024 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-09-10 13:15 - 2013-09-10 13:10 - 00092448 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-09-10 12:53 - 2013-09-10 12:53 - 02092792 _____ C:\Users\Joe\Downloads\avira_free_antivirus(1).exe
2013-09-10 12:46 - 2013-09-10 12:46 - 02092776 _____ C:\Users\Joe\Downloads\avira_internet_security.exe
2013-09-10 00:28 - 2013-09-10 00:28 - 04054000 _____ (LionSea Software ) C:\Users\Joe\Downloads\setup.exe
2013-09-05 00:21 - 2013-09-05 00:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-28 23:56 - 2013-09-13 00:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-28 19:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 19:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-28 19:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-28 19:42 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-28 19:42 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-28 19:42 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-28 19:42 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-28 19:42 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-28 19:42 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-28 19:42 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-28 19:42 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-28 19:42 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-28 19:41 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-28 19:41 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-28 19:36 - 2013-09-05 00:38 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
==================== One Month Modified Files and Folders =======
2013-09-20 16:59 - 2013-09-20 16:59 - 00000000 ____D C:\FRST
2013-09-20 16:57 - 2010-12-20 15:54 - 01628639 _____ C:\Windows\WindowsUpdate.log
2013-09-20 16:56 - 2013-09-20 16:56 - 01083549 _____ (Farbar) C:\Users\Joe\Downloads\FRST.exe
2013-09-20 16:54 - 2013-09-20 16:38 - 00000000 ____D C:\ProgramData\SafetyNut
2013-09-20 16:53 - 2013-09-20 16:52 - 00000468 _____ C:\Users\Joe\Downloads\defogger_disable.log
2013-09-20 16:52 - 2013-09-20 16:52 - 00000000 _____ C:\Users\Joe\defogger_reenable
2013-09-20 16:52 - 2013-03-17 19:24 - 00000000 ____D C:\Users\Joe
2013-09-20 16:51 - 2013-09-20 16:51 - 00050477 _____ C:\Users\Joe\Downloads\Defogger.exe
2013-09-20 16:50 - 2013-03-24 23:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-20 16:39 - 2013-09-20 16:39 - 00000000 ____D C:\ProgramData\Wincert
2013-09-20 16:38 - 2013-09-20 16:38 - 00000000 ____D C:\Program Files\Movies Toolbar
2013-09-20 16:37 - 2013-09-20 16:37 - 00166600 _____ () C:\Users\Joe\Downloads\7ZipSetup(1).exe
2013-09-20 16:34 - 2013-09-20 16:34 - 00002058 _____ C:\Users\Joe\Desktop\AppsHat.lnk
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Users\Joe\AppData\Local\WebPlayer
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Users\Joe\AppData\Local\Minibar
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Program Files\Minibar
2013-09-20 16:34 - 2013-09-20 16:34 - 00000000 ____D C:\Program Files\7-Zip
2013-09-20 16:33 - 2013-09-20 16:33 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-09-20 16:33 - 2013-09-20 16:33 - 00000000 ____D C:\Users\Joe\AppData\Local\Wajam
2013-09-20 16:33 - 2013-09-20 16:33 - 00000000 ____D C:\Program Files\Wajam
2013-09-20 16:32 - 2013-09-20 16:32 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-20 16:32 - 2013-09-20 16:32 - 00000000 ____D C:\Users\Joe\AppData\Local\FilesFrog Update Checker
2013-09-20 16:16 - 2009-07-14 06:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 16:16 - 2009-07-14 06:34 - 00014128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 16:15 - 2013-09-20 16:15 - 00166600 _____ () C:\Users\Joe\Downloads\7ZipSetup.exe
2013-09-20 15:47 - 2013-03-17 19:41 - 00000000 ____D C:\Users\Joe\AppData\Roaming\ZumoDrive
2013-09-20 15:45 - 2013-09-20 15:45 - 98467286 _____ C:\Windows\system32\앶쮏ᩌa
2013-09-20 10:09 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-20 10:09 - 2009-07-14 06:39 - 00045833 _____ C:\Windows\setupact.log
2013-09-19 19:18 - 2013-09-19 19:18 - 00001984 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-09-19 19:02 - 2013-03-17 19:20 - 00277468 _____ C:\Windows\PFRO.log
2013-09-18 12:05 - 2013-09-18 12:05 - 98123923 _____ C:\Windows\system32\泇ᩌ`
2013-09-17 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 16:43 - 2013-09-17 16:43 - 97949955 _____ C:\Windows\system32\ꍞ횇ᩌb
2013-09-17 00:58 - 2013-09-17 00:58 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Malwarebytes
2013-09-17 00:57 - 2013-09-17 00:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-17 00:57 - 2013-09-17 00:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 00:57 - 2013-09-17 00:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-17 00:52 - 2013-09-17 00:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-16 00:51 - 2013-03-24 23:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-16 00:51 - 2013-03-24 23:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-16 00:37 - 2013-09-16 00:37 - 97671483 _____ C:\Windows\system32\榟ᩌ`
2013-09-15 16:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-15 16:15 - 2009-07-14 06:33 - 00408952 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 16:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-13 01:05 - 2013-03-19 17:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 00:46 - 2013-08-28 23:56 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 00:42 - 2013-03-21 14:43 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 21:33 - 2013-09-12 21:33 - 97373152 _____ C:\Windows\system32\쌛㭦ᩌ`
2013-09-10 19:49 - 2013-09-10 19:49 - 96985259 _____ C:\Windows\system32\�줪ᩌi
2013-09-10 13:17 - 2013-03-19 16:46 - 00000000 ____D C:\ProgramData\Avira
2013-09-10 13:10 - 2013-09-10 13:15 - 00113024 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-09-10 13:10 - 2013-09-10 13:15 - 00092448 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-09-10 12:53 - 2013-09-10 12:53 - 02092792 _____ C:\Users\Joe\Downloads\avira_free_antivirus(1).exe
2013-09-10 12:52 - 2009-09-07 01:02 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 12:46 - 2013-09-10 12:46 - 02092776 _____ C:\Users\Joe\Downloads\avira_internet_security.exe
2013-09-10 00:28 - 2013-09-10 00:28 - 04054000 _____ (LionSea Software ) C:\Users\Joe\Downloads\setup.exe
2013-09-09 18:30 - 2013-03-19 18:27 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2013-09-08 14:41 - 2013-05-26 21:16 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-08 14:41 - 2013-03-19 16:46 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-08 14:41 - 2013-03-19 16:46 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-08 14:34 - 2013-03-21 11:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-05 00:38 - 2013-08-28 19:36 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-05 00:38 - 2013-05-26 21:23 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-09-05 00:22 - 2013-09-05 00:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-29 21:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-28 23:43 - 2010-08-23 12:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\7z920.exe
C:\Users\Joe\AppData\Local\Temp\app.exe
C:\Users\Joe\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Joe\AppData\Local\Temp\AskSLib.dll
C:\Users\Joe\AppData\Local\Temp\biclient.exe
C:\Users\Joe\AppData\Local\Temp\Extract.exe
C:\Users\Joe\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Joe\AppData\Local\Temp\HPQSi.exe
C:\Users\Joe\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Joe\AppData\Local\Temp\SP56497.exe
C:\Users\Joe\AppData\Local\Temp\sp58915.exe
C:\Users\Joe\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Joe\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Joe\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Joe\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Joe\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Joe\AppData\Local\Temp\wajam_download.exe
C:\Users\Joe\AppData\Local\Temp\WindowsAPI.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-13 00:15
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2013 01
Ran by Joe at 2013-09-20 17:02:06
Running from C:\Users\Joe\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 9.20
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.5.5 MUI (Version: 9.5.5)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Alcor Micro USB Card Reader (Version: 1.9.17.35420)
AppsHat Mobile Apps (HKCU Version: 1.0.0.0)
Ask Toolbar (Version: 1.15.5.0)
Ask Toolbar Updater (HKCU Version: 1.3.1.26360)
Avira Internet Security (Version: 13.0.0.4052)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.1.391.0)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.5600)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Bundled software uninstaller
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.10057)
Complitly
CyberLink DVD Suite (Version: 7.0.3003)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dream Chronicles (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
FilesFrog Update Checker
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Documentation (Version: 1.1.0.0)
HP Game Console
HP Games (Version: 1.0.1.3)
HP HomeBase (Version: 3.2.2.90)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.1.5)
HP QuickSync (Version: 6.2.684.10454)
HP QuickWeb Installer (Version: 1.3.12.1)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 4.0.51.1)
HP Support Assistant (Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (Version: 1.0.6289.0)
Insaniquarium Deluxe (Version: 2.2.0.95)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Intel(R) Matrix Storage Manager
Java Auto Updater (Version: 2.0.2.1)
Java(TM) 6 Update 20 (Version: 6.0.200)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest II (Version: 2.2.0.95)
Jewel Quest Solitaire (Version: 2.2.0.95)
JoJo's Fashion Show (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
Mahjongg Artifacts (Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiKTeX 2.9 (Version: 2.9)
Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (Version: 1.6.2.0)
Movies Toolbar for Internet Explorer (Dist. by Somoto Ltd.) (Version: 1.6.2.0)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 14.0.1468.721)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
R for Windows 2.15.3 (Version: 2.15.3)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Recovery Manager (Version: 5.5.3023)
Skip-Bo - Castaway Caper (Version: 2.2.0.95)
Slingo Deluxe (Version: 2.2.0.95)
Synaptics Pointing Device Driver (Version: 15.0.23.0)
Tradewinds Legends (Version: 2.2.0.95)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Wajam (Version: 1.93)
Wedding Dash (Version: 2.2.0.95)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Zuma Deluxe (Version: 2.2.0.95)
==================== Restore Points =========================
28-08-2013 17:53:47 HPSF Applying updates
28-08-2013 17:54:43 HPSF Applying updates
28-08-2013 21:42:03 Windows Update
12-09-2013 22:42:02 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {097AAF57-93C5-49CB-B38B-B55B47A57E5E} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-08-22] ()
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {172226EF-A546-43C9-9F76-855F7DDD1EA3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4247427C-0ED7-474A-8ADB-4ED157B4BDAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-20] (Microsoft)
Task: {5D03F871-AE77-4263-8E45-16D4AAA8389E} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {6B087A3D-97CB-4D38-8437-031A327AD55F} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {71B73C6B-1B9B-4797-8337-3B1409C760A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7FBD16E3-21CC-4B81-A5AA-65383983081A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {82B52AF7-914E-40B2-8798-6E5DAB52F646} - System32\Tasks\JavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18] (Sun Microsystems, Inc.)
Task: {8CD924E2-19F8-4A00-9516-06B693433AAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {A1606451-56BE-4ABD-8B85-57A7B26277AD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {B5627F1B-B8A4-43FE-9FF6-00F2804FC182} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-16] (Adobe Systems Incorporated)
Task: {BA7A1EE0-20E4-45B8-B00B-BB13443AF560} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D1062BD2-029F-4D0E-A9FA-911AC63D5E59} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2010-04-19 18:55 - 2010-04-19 18:55 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2010-05-28 06:06 - 2010-05-28 06:06 - 00173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2010-05-28 06:06 - 2010-05-28 06:06 - 00165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2010-12-20 16:09 - 2010-06-18 07:10 - 03473408 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang.dll
2010-12-20 16:09 - 2010-06-18 07:10 - 00527872 _____ (IDT, Inc.) C:\Windows\system32\stapi32.dll
2013-03-17 19:41 - 2013-09-20 15:47 - 00198144 _____ () C:\Users\Joe\AppData\Local\Temp\WindowsAPI.dll
2013-03-17 19:41 - 2013-03-17 19:41 - 00335872 _____ (Eclipse Foundation) C:\Users\Joe\AppData\Local\Temp\swt-win32-3448.dll
2013-03-17 19:41 - 2013-03-17 19:41 - 00077824 _____ (Eclipse Foundation) C:\Users\Joe\AppData\Local\Temp\swt-gdip-win32-3448.dll
2013-09-20 15:47 - 2013-09-20 15:47 - 00379904 _____ () C:\Users\Joe\AppData\Local\Temp\libsqlitejdbc-8933792094994555371.lib
2010-06-09 00:04 - 2010-06-09 00:04 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-07-08 13:46 - 2010-07-08 13:46 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-08 13:45 - 2010-07-08 13:45 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-08 13:46 - 2010-07-08 13:46 - 00028216 _____ (Root-Project) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\LocalizeExtension.dll
2010-08-23 12:42 - 2010-08-23 12:42 - 00237112 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
2010-07-08 13:46 - 2010-07-08 13:46 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-09-15 18:27 - 2013-09-16 00:51 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_174.ocx
2010-03-29 00:22 - 2010-03-29 00:22 - 00718848 _____ (Versionate Inc.) C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
2013-09-20 16:38 - 2013-08-20 17:42 - 00476680 _____ () C:\Program Files\Movies Toolbar\SafetyNut\safetycrt.dll
2013-04-09 18:01 - 2013-04-09 18:01 - 00055296 _____ () C:\Users\Joe\AppData\Local\Temp\nsdFC1.tmp\~nsoE63F.tmp
2013-09-20 16:38 - 2013-08-20 17:42 - 00017416 _____ () C:\Program Files\Movies Toolbar\SafetyNut\safetyldr.dll
2013-09-20 16:38 - 2013-08-20 17:42 - 02055176 _____ (SafetyNut Inc.) C:\Program Files\Movies Toolbar\SafetyNut\safetynut.dll
2013-09-05 00:22 - 2013-09-05 00:22 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-10 19:52 - 2013-09-10 19:52 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
==================== Alternate Data Streams (whitelisted) ==========
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/17/2013 04:45:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (09/17/2013 10:32:51 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/13/2013 00:18:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/09/2013 06:29:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xdc8
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (08/28/2013 10:40:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (08/28/2013 10:38:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/03/2013 03:20:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/03/2013 03:18:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/04/2013 11:56:52 PM) (Source: MsiInstaller) (User: Joe-HP)
Description: Product: HP Customer Experience Enhancements -- Error 1609.An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (06/04/2013 11:53:20 PM) (Source: Microsoft-Windows-RestartManager) (User: Joe-HP)
Description: Die Anwendung oder der Dienst "hpCaslNotification" konnte nicht heruntergefahren werden.
System errors:
=============
Error: (09/20/2013 04:39:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SafetyNut Manager" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (09/20/2013 03:45:33 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst btwdins erreicht.
Error: (09/20/2013 00:41:18 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (09/19/2013 07:05:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/19/2013 07:05:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (09/19/2013 07:05:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0
Error: (09/19/2013 07:05:12 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (09/19/2013 07:05:12 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (09/18/2013 07:35:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error: (09/18/2013 07:32:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (09/17/2013 04:45:58 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (09/17/2013 10:32:51 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Quick Launch\x64\Beats64.exe
Error: (09/13/2013 00:18:34 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Quick Launch\x64\Beats64.exe
Error: (09/09/2013 06:29:38 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487dc801cead79b84b60d4C:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exe04c57a69-196d-11e3-abd8-e02a828df09e
Error: (08/28/2013 10:40:26 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (08/28/2013 10:38:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Quick Launch\x64\Beats64.exe
Error: (07/03/2013 03:20:41 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (07/03/2013 03:18:56 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Quick Launch\x64\Beats64.exe
Error: (06/04/2013 11:56:52 PM) (Source: MsiInstaller)(User: Joe-HP)
Description: Product: HP Customer Experience Enhancements -- Error 1609.An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (06/04/2013 11:53:20 PM) (Source: Microsoft-Windows-RestartManager)(User: Joe-HP)
Description: 1C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exehpCaslNotification0211748480
==================== Memory info ===========================
Percentage of memory in use: 84%
Total physical RAM: 1011.87 MB
Available physical RAM: 155.71 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 639.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.92 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:212.07 GB) (Free:176.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.52 GB) (Free:2.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 537F3549)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=212 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
GMER.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-20 21:18:56
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PC2O 232.89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Joe\AppData\Local\Temp\fxldypow.sys
---- System - GMER 2.1 ----
SSDT 8A0A8EB6 ZwCreateSection
SSDT 8A0A8E8E ZwCreateSymbolicLinkObject
SSDT 8A0A8E93 ZwLoadDriver
SSDT 8A0A8E89 ZwOpenSection
SSDT 8A0A8EC0 ZwRequestWaitReplyPort
SSDT 8A0A8EBB ZwSetContextThread
SSDT 8A0A8EC5 ZwSetSecurityObject
SSDT 8A0A8E98 ZwSetSystemInformation
SSDT 8A0A8ECA ZwSystemDebugControl
SSDT 8A0A8E57 ZwTerminateProcess
SSDT 8A0A8E52 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81A4EA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A88212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81A8F58C 4 Bytes [B6, 8E, 0A, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 81A8F594 4 Bytes [8E, 8E, 0A, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 81A8F6A8 4 Bytes [93, 8E, 0A, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 81A8F744 4 Bytes [89, 8E, 0A, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81A8F8E8 4 Bytes [C0, 8E, 0A, 8A]
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a828df09e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a828df09e (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----