Windows 7: Infected with Advanced System Protector & RegClean Pro

Today I discovered that the Trojans Advanced System Protector & RegClean Pro are on our notebook.
Here are the logs:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by *** *** (administrator) on ******-PC on 04-10-2013 15:50:57
Running from C:\Users\*** ***\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Spigot, Inc.) C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe
({StringFileInfo_CompanyName}) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Windows\system32\dmwu.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
() C:\Users\*** ***\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-03] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-07-31] (Eastman Kodak Company)
HKLM-x32\...\runonceex: [] -
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-27] (Microsoft Corporation)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\RunOnce: [AutoLaunch] - C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly [743584 2012-01-04] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-07-31] (Eastman Kodak Company)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2007-09-04] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe [974848 2010-01-08] (Spigot, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [901800 2011-11-21] ({StringFileInfo_CompanyName})
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Startup: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * lsdelete
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/
URLSearchHook: (No Name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
SearchScopes: HKLM - DefaultScope {C9A36B78-D2C3-4773-8732-1724BC31F3AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {05CE778F-6A4B-438A-9775-0BF1940C8FAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {FB9D68CF-A0DC-45DC-AB29-99E01DD542C7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {05CE778F-6A4B-438A-9775-0BF1940C8FAD} URL =
SearchScopes: HKCU - {C9A36B78-D2C3-4773-8732-1724BC31F3AA} URL =
SearchScopes: HKCU - {FB9D68CF-A0DC-45DC-AB29-99E01DD542C7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\z6ushyxf.default
FF NewTab: hxxp://www.sweetpacks-search.com/?barid=&src=97&
FF DefaultSearchEngine: Sweetpacks Search
FF SelectedSearchEngine: Sweetpacks Search
FF Homepage: hxxp://www.sweetpacks-search.com/?barid=&src=10&|hxxp://www.gmx.net/|hxxp://www.google.de/
FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @eleco.com/o2cplayer - C:\Program Files (x86)\Eleco\o2c Player\npO2CPlayer64.DLL (ELECO Software GmbH)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @eleco.com/o2cplayer - C:\Program Files (x86)\Eleco\o2c Player\npO2CPlayer.DLL (ELECO Software GmbH)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\z6ushyxf.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\z6ushyxf.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\z6ushyxf.default\searchplugins\Sweetpacks Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-08] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1181328 2012-01-04] (Lavasoft)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-11] (Avira Operations GmbH & Co. KG)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-01-30] (Lavasoft AB)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
U1 usbj7xit; \??\C:\Windows\system32\drivers\usbj7xit.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 15:50 - 2013-10-04 15:50 - 00000000 ____D C:\FRST
2013-10-04 15:49 - 2013-10-04 15:49 - 01954124 _____ (Farbar) C:\Users\*** ***\Downloads\FRST64.exe
2013-10-04 15:47 - 2013-10-04 15:47 - 00000486 _____ C:\Users\*** ***\Downloads\defogger_disable.log
2013-10-04 15:47 - 2013-10-04 15:47 - 00000000 _____ C:\Users\*** ***\defogger_reenable
2013-10-04 15:46 - 2013-10-04 15:46 - 00050477 _____ C:\Users\*** ***\Downloads\Defogger.exe
2013-10-04 15:36 - 2013-10-04 15:44 - 00001158 _____ C:\Users\*** ***\Desktop\Continue Zip Extractor Installation.lnk
2013-10-04 15:36 - 2013-10-04 15:36 - 00749248 _____ C:\Users\*** ***\Downloads\ZipExtractorSetup.exe
2013-10-04 15:00 - 2013-10-04 15:00 - 00000000 ____D C:\38dc90448a460e38a3
2013-10-02 09:13 - 2013-10-04 14:55 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-02 09:12 - 2013-10-04 15:01 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-02 09:12 - 2013-10-04 15:01 - 00000290 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-02 09:12 - 2013-10-04 14:52 - 00000298 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-02 09:12 - 2013-10-02 09:13 - 00000000 ____D C:\Users\*** ***\AppData\Roaming\Systweak
2013-10-02 09:12 - 2013-10-02 09:13 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-02 09:12 - 2013-10-02 09:12 - 00003360 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-02 09:12 - 2013-10-02 09:12 - 00003066 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-02 09:12 - 2013-10-02 09:12 - 00002910 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-02 09:12 - 2013-10-02 09:12 - 00001203 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-02 09:12 - 2013-10-02 09:12 - 00001052 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\ProgramData\Systweak
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-02 09:12 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-10-02 09:12 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-02 09:11 - 2013-10-02 09:11 - 05615928 _____ (Systweak Inc ) C:\Users\*** ***\Downloads\rcpsetup_matomy_my30679(1).exe
2013-10-02 09:10 - 2013-10-02 09:10 - 05615928 _____ (Systweak Inc ) C:\Users\*** ***\Downloads\rcpsetup_matomy_my30679.exe
2013-10-02 09:06 - 2013-10-02 09:06 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-10-02 09:06 - 2013-10-02 09:06 - 00000000 ____D C:\Windows\system32\ljkb
2013-10-01 09:10 - 2013-10-01 09:10 - 00000000 ____D C:\1a45980153ef8a268d71e2
2013-09-30 11:39 - 2013-09-30 11:39 - 00000078 _____ C:\Windows\system32\ricdb.ini
2013-09-30 11:39 - 2013-09-30 11:39 - 00000000 ____D C:\ProgramData\RICOH
2013-09-30 11:35 - 2013-09-30 11:37 - 09962452 _____ () C:\Users\*** ***\Downloads\r59085L11.exe
2013-09-29 17:07 - 2013-09-29 17:08 - 00000000 ____D C:\d5940577aa1d4b98ac6b8b46d94f
2013-09-26 09:17 - 2013-09-26 09:18 - 00000000 ____D C:\fdd91f46cb134d5d807b6d9f9987
2013-09-24 10:59 - 2013-09-24 10:59 - 00000000 ____D C:\Users\*** ***\Vodafone
2013-09-24 10:36 - 2013-09-24 10:36 - 00000000 ____D C:\Users\*** ***\Kind
2013-09-22 11:00 - 2013-09-24 12:31 - 00000000 ____D C:\Users\*** ***\Privat
2013-09-21 12:49 - 2013-09-21 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 07:57 - 2013-09-21 07:57 - 98498750 _____ C:\Windows\SysWOW64\⚖훶Ḽ—
2013-09-14 13:40 - 2013-09-14 13:40 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-14 13:39 - 2013-09-14 13:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-14 13:10 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-14 13:10 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-14 13:10 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-14 13:10 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-14 13:10 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-14 13:10 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-14 13:10 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-14 13:10 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-14 13:10 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-14 13:10 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-14 13:10 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-14 13:10 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-14 13:10 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-14 13:10 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-14 13:10 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-14 13:10 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-14 13:10 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-14 13:10 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-14 13:10 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-14 13:10 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-14 13:10 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-14 13:06 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 13:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 13:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-14 13:06 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 13:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 13:06 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-14 13:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-14 13:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 13:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 13:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-14 13:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 13:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 13:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-14 13:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-14 12:56 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-14 12:55 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-14 12:55 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-14 12:55 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-14 12:55 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-14 12:55 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-13 19:44 - 2013-09-13 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 17:22 - 2013-09-12 17:23 - 00000000 ____D C:\6f3a4c0ffba94caa04273053948b7d3f
2013-09-08 18:23 - 2013-09-08 18:25 - 00000000 ____D C:\eb8aa6eb69ad369b6e8c0719
==================== One Month Modified Files and Folders =======
2013-10-04 15:50 - 2013-10-04 15:50 - 00000000 ____D C:\FRST
2013-10-04 15:49 - 2013-10-04 15:49 - 01954124 _____ (Farbar) C:\Users\*** ***\Downloads\FRST64.exe
2013-10-04 15:47 - 2013-10-04 15:47 - 00000486 _____ C:\Users\*** ***\Downloads\defogger_disable.log
2013-10-04 15:47 - 2013-10-04 15:47 - 00000000 _____ C:\Users\*** ***\defogger_reenable
2013-10-04 15:47 - 2010-01-30 20:51 - 00000000 ____D C:\Users\*** ***
2013-10-04 15:46 - 2013-10-04 15:46 - 00050477 _____ C:\Users\*** ***\Downloads\Defogger.exe
2013-10-04 15:44 - 2013-10-04 15:36 - 00001158 _____ C:\Users\*** ***\Desktop\Continue Zip Extractor Installation.lnk
2013-10-04 15:42 - 2009-07-14 07:10 - 01405491 _____ C:\Windows\WindowsUpdate.log
2013-10-04 15:36 - 2013-10-04 15:36 - 00749248 _____ C:\Users\*** ***\Downloads\ZipExtractorSetup.exe
2013-10-04 15:35 - 2013-01-28 14:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 15:02 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 15:02 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 15:01 - 2013-10-02 09:12 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-04 15:01 - 2013-10-02 09:12 - 00000290 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-10-04 15:00 - 2013-10-04 15:00 - 00000000 ____D C:\38dc90448a460e38a3
2013-10-04 14:56 - 2010-01-30 22:53 - 00003608 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-10-04 14:56 - 2010-01-30 22:53 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 4)
2013-10-04 14:56 - 2010-01-30 22:53 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 3)
2013-10-04 14:56 - 2010-01-30 22:53 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 2)
2013-10-04 14:56 - 2010-01-30 22:53 - 00003416 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Daily 1)
2013-10-04 14:55 - 2013-10-02 09:13 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-04 14:53 - 2013-06-06 22:41 - 00000000 ____D C:\Users\*** ***\AppData\Roaming\Skype
2013-10-04 14:52 - 2013-10-02 09:12 - 00000298 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-04 14:52 - 2010-02-01 13:35 - 00000000 ____D C:\Users\*** ***\Tracing
2013-10-04 14:52 - 2010-01-31 20:13 - 00136188 _____ C:\aaw7boot.log
2013-10-04 14:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 14:52 - 2009-07-14 06:51 - 00095499 _____ C:\Windows\setupact.log
2013-10-02 09:13 - 2013-10-02 09:12 - 00000000 ____D C:\Users\*** ***\AppData\Roaming\Systweak
2013-10-02 09:13 - 2013-10-02 09:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-02 09:12 - 2013-10-02 09:12 - 00003360 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-02 09:12 - 2013-10-02 09:12 - 00003066 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-02 09:12 - 2013-10-02 09:12 - 00002910 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-10-02 09:12 - 2013-10-02 09:12 - 00001203 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-02 09:12 - 2013-10-02 09:12 - 00001052 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\ProgramData\Systweak
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-10-02 09:12 - 2013-10-02 09:12 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-10-02 09:12 - 2010-01-30 20:51 - 00000000 ___RD C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-02 09:11 - 2013-10-02 09:11 - 05615928 _____ (Systweak Inc ) C:\Users\*** ***\Downloads\rcpsetup_matomy_my30679(1).exe
2013-10-02 09:10 - 2013-10-02 09:10 - 05615928 _____ (Systweak Inc ) C:\Users\*** ***\Downloads\rcpsetup_matomy_my30679.exe
2013-10-02 09:06 - 2013-10-02 09:06 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-10-02 09:06 - 2013-10-02 09:06 - 00000000 ____D C:\Windows\system32\ljkb
2013-10-02 09:06 - 2013-06-09 19:42 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-10-02 09:04 - 2013-06-09 19:42 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-10-01 09:10 - 2013-10-01 09:10 - 00000000 ____D C:\1a45980153ef8a268d71e2
2013-09-30 11:39 - 2013-09-30 11:39 - 00000078 _____ C:\Windows\system32\ricdb.ini
2013-09-30 11:39 - 2013-09-30 11:39 - 00000000 ____D C:\ProgramData\RICOH
2013-09-30 11:37 - 2013-09-30 11:35 - 09962452 _____ () C:\Users\*** ***\Downloads\r59085L11.exe
2013-09-29 17:08 - 2013-09-29 17:07 - 00000000 ____D C:\d5940577aa1d4b98ac6b8b46d94f
2013-09-26 15:22 - 2009-12-20 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-26 09:18 - 2013-09-26 09:17 - 00000000 ____D C:\fdd91f46cb134d5d807b6d9f9987
2013-09-25 09:08 - 2010-01-30 20:52 - 00085776 _____ C:\Users\*** ***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-25 09:06 - 2009-07-14 06:45 - 00368400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 12:31 - 2013-09-22 11:00 - 00000000 ____D C:\Users\*** ***\Privat
2013-09-24 12:23 - 2010-02-02 11:25 - 00000000 ____D C:\Users\*** ***\PhD
2013-09-24 12:13 - 2012-03-18 19:43 - 00000000 ____D C:\Users\*** ***\Haus Haar
2013-09-24 10:59 - 2013-09-24 10:59 - 00000000 ____D C:\Users\*** ***\Vodafone
2013-09-24 10:36 - 2013-09-24 10:36 - 00000000 ____D C:\Users\*** ***\Kind
2013-09-24 10:02 - 2009-07-14 19:58 - 00643866 _____ C:\Windows\system32\perfh007.dat
2013-09-24 10:02 - 2009-07-14 19:58 - 00126394 _____ C:\Windows\system32\perfc007.dat
2013-09-24 10:02 - 2009-07-14 07:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 17:44 - 2013-01-28 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-21 12:50 - 2013-01-28 19:10 - 00000000 ____D C:\Users\*** ***\AppData\Local\Mozilla
2013-09-21 12:49 - 2013-09-21 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 07:58 - 2013-01-28 14:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-21 07:57 - 2013-09-21 07:57 - 98498750 _____ C:\Windows\SysWOW64\⚖훶Ḽ—
2013-09-21 07:57 - 2013-01-28 14:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-21 07:57 - 2012-01-04 15:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-16 03:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-15 14:33 - 2013-06-09 19:42 - 01762608 _____ C:\Windows\system32\dmwu.exe
2013-09-15 14:27 - 2013-06-09 19:42 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-09-15 14:22 - 2010-01-30 21:45 - 00000000 ____D C:\Users\*** ***\AppData\Roaming\Adobe
2013-09-14 14:00 - 2010-01-30 20:52 - 00000000 ___RD C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-14 14:00 - 2010-01-30 20:51 - 00000000 ___RD C:\Users\*** ***\Eigene Bilder
2013-09-14 13:58 - 2009-12-20 09:24 - 00573396 _____ C:\Windows\PFRO.log
2013-09-14 13:40 - 2013-09-14 13:40 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-14 13:39 - 2013-09-14 13:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-14 13:39 - 2010-02-01 13:15 - 00000000 ____D C:\Users\*** ***\AppData\Local\Adobe
2013-09-14 13:39 - 2009-12-20 16:33 - 00000000 ____D C:\ProgramData\Adobe
2013-09-14 13:06 - 2013-07-21 21:41 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 13:00 - 2010-01-31 22:11 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 19:44 - 2013-09-13 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-09-12 17:23 - 2013-09-12 17:22 - 00000000 ____D C:\6f3a4c0ffba94caa04273053948b7d3f
2013-09-09 10:54 - 2013-06-09 19:42 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-09-09 10:54 - 2013-06-09 19:42 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-09-08 18:25 - 2013-09-08 18:23 - 00000000 ____D C:\eb8aa6eb69ad369b6e8c0719
2013-09-08 18:20 - 2013-05-11 13:37 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-08 18:20 - 2013-05-11 13:37 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-08 18:20 - 2013-05-11 13:37 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
Files to move or delete:
====================
C:\Users\*** ***\Ad-AwareInstallation.exe
C:\Users\*** ***\Ad-AwareInstaller.exe
C:\Users\*** ***\aio_install.exe
C:\Users\*** ***\avira_antivir_personal_de.exe
C:\Users\*** ***\avira_free_antivirus_de.exe
C:\Users\*** ***\FirmwareFlashLauncher.exe
Some content of TEMP:
====================
C:\Users\*** ***\AppData\Local\Temp\7.8.50.2-EasyShrx.Dll
C:\Users\*** ***\AppData\Local\Temp\BackupSetup.exe
C:\Users\*** ***\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*** ***\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\*** ***\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\*** ***\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\*** ***\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\*** ***\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\*** ***\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\*** ***\AppData\Local\Temp\mgsqlite3.dll
C:\Users\*** ***\AppData\Local\Temp\Shortcut_sweetim_0711-adf025c2.exe
C:\Users\*** ***\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\*** ***\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\*** ***\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*** ***\AppData\Local\Temp\wajam_install.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 12:43
==================== End Of Log ==
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by *** *** at 2013-10-04 15:52:56
Running from C:\Users\*** ***\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
==================== Installed Programs ======================
Ad-Aware (x32 Version: 8.1.1)
Ad-Aware (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.1.2 - Deutsch (x32 Version: 9.1.2)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Advanced System Protector (x32 Version: 2.1.1000.10905)
aiofw (x32 Version: 2.04.0000.0000)
aioocr (x32 Version: 1.00.0000)
aioprnt (x32 Version: 2.04.0000.0000)
aioscnnr (x32 Version: 2.04.0000.0000)
Ask Toolbar (x32 Version: 1.13.2.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Bing Bar (x32 Version: 7.0.850.0)
center (x32 Version: 2.04.0000.0000)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Touchpad (Version: 7.104.115.102)
Dell Webcam Central (x32 Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
ElsterFormular (x32 Version: 11.1.2.3848)
GoToAssist 8.0.0.514 (x32)
Help_CTR (x32 Version: 2.04.0000.000)
helptut (x32 Version: 2.00.0000.0000)
helpug (x32 Version: 2.04.0000.0000)
IB Updater Service (x32 Version: 4.0.7.4)
IKEA Home Planner (x32 Version: 2.0.3)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1029)
Intel® Matrix Storage Manager
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 14 (64-bit) (Version: 6.0.140)
Java(TM) 6 Update 30 (x32 Version: 6.0.300)
Junk Mail filter update (x32 Version: 14.0.8089.726)
ksdip (x32 Version: 2.00.0000.0000)
ksDIP (x32 Version: 3.20.0000.0000)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office XP Media Content (x32 Version: 10.0.2619.0)
Microsoft Office XP Professional (x32 Version: 10.0.6626.0)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MyPC Backup (Version: )
Nero Media Player (x32)
Nero OEM (x32)
NeroVision Express 2 SE (x32)
netbrdg (x32 Version: 7.00.0000.0003)
o2c Player (x32 Version: 2.0.0.64)
OLYMPUS Master 2 (x32 Version: 1.0.6)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
PDFCreator (x32 Version: 1.0.1)
pdfforge Toolbar v1.1.2 (x32 Version: 1.1.2)
PowerDVD DX (x32 Version: 8.3.5424)
PreReq (x32 Version: 3.20.0000.0000)
Quickset64 (Version: 9.6.6)
QuickTime (x32 Version: 7.1.3.100)
RegClean Pro (x32 Version: 6.21)
Roxio Burn (x32 Version: 1.0)
Roxio Burn (x32 Version: 1.0.0)
Roxio Update Manager (x32 Version: 6.0.0)
SFR (x32 Version: 7.00.0000.0004)
Skype™ 6.7 (x32 Version: 6.7.102)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
SweetPacks bundle uninstaller (x32 Version: 1.0.0001)
Universal Document Converter (Demo) (x32 Version: 5.1)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
==================== Restore Points =========================
27-09-2013 07:04:17 Windows Update
27-09-2013 11:23:01 Windows Update
28-09-2013 06:35:31 Windows Update
28-09-2013 19:58:41 Windows Update
29-09-2013 15:06:16 Windows Update
29-09-2013 15:49:35 Windows Update
29-09-2013 18:43:21 Windows-Sicherung
29-09-2013 20:22:43 Windows Update
30-09-2013 11:23:44 Windows Update
01-10-2013 07:09:01 Windows Update
01-10-2013 12:25:06 Windows Update
02-10-2013 07:03:43 Windows Update
02-10-2013 12:22:18 Windows Update
04-10-2013 12:59:06 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {146BAB91-ECD6-48DD-B2EE-A7A4261BDA50} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-08-22] (Systweak Inc)
Task: {25BBAC6B-14CA-4653-933C-C81AECE6B226} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-01-04] (Lavasoft)
Task: {3251847B-98ED-4C18-9974-209251375D12} - System32\Tasks\D6ZBH2K1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {3882A5B6-4DA9-4534-8F7E-2144C9373039} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-01-04] (Lavasoft)
Task: {3BB59E43-A197-4288-A5D8-EAC67334544F} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-08-22] (Systweak Inc)
Task: {3DD0B00F-88F8-41BA-953B-2B6AA6C56E94} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-01-04] (Lavasoft)
Task: {9EA12679-9D56-4772-898F-EA1F5833F171} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-01-04] (Lavasoft)
Task: {A64EC3D4-21C6-4E16-87BC-DE08A55A13F8} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-05-24] (Systweak)
Task: {ABE1EDEF-9428-45CF-9F4C-411DC45ADA5F} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe [2013-08-22] (Systweak Inc )
Task: {E33D80E8-D48E-456E-B784-E719AC466AD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated)
Task: {F8309F66-6A36-44D0-97E7-5542C0FEBD7B} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-01-04] (Lavasoft)
Task: {FD370088-BCB5-4015-ACC3-839C96DDFA61} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-08-22] (Systweak Inc)
Task: {FD48DC46-ED09-4C23-A49D-260A58CDE931} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
==================== Loaded Modules (whitelisted) =============
2009-12-02 15:19 - 2012-01-04 16:54 - 00398568 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
2009-12-20 16:48 - 2009-07-17 03:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-08-16 20:02 - 2013-08-16 20:02 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\b02a06065bf03ce9817ae9cce23bc2e4\VistaBridgeLibrary.ni.dll
2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-09-15 14:32 - 2013-09-15 14:32 - 01321472 _____ () C:\Windows\System32\ljkb\lmrn.dll
2009-12-02 15:19 - 2012-01-04 16:52 - 00327000 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
2013-01-28 15:49 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-02 09:12 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2013-10-02 09:12 - 2013-05-24 13:13 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2013-10-02 09:12 - 2012-07-25 12:03 - 00168448 _____ () C:\Program Files (x86)\Advanced System Protector\UNRAR.DLL
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-09-15 14:30 - 2013-09-15 14:30 - 01062912 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2013-09-21 12:49 - 2013-09-21 12:49 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-12 18:35 - 2013-09-12 18:35 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
2009-12-02 15:19 - 2012-01-04 16:53 - 00389784 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\UpdateManager.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2013 03:00:48 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile -- Fehler 1723. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SchedSecureObjects_x64, Eintrag: SchedSecureObjects, Bibliothek: C:\Windows\Installer\MSI2B5C.tmp
Error: (10/04/2013 02:55:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SweetIM.exe, Version: 3.7.0.7, Zeitstempel: 0x506d9e00
Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0xb80
Startzeit der fehlerhaften Anwendung: 0xSweetIM.exe0
Pfad der fehlerhaften Anwendung: SweetIM.exe1
Pfad des fehlerhaften Moduls: SweetIM.exe2
Berichtskennung: SweetIM.exe3
Error: (10/04/2013 02:53:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (10/02/2013 02:22:38 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.
Error: (10/02/2013 01:23:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/02/2013 09:04:58 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.
Error: (10/01/2013 09:28:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x1180
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (10/01/2013 02:25:23 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1714.Die ältere Version von Microsoft Visual C++ 2005 Redistributable konnte nicht entfernt werden. Wenden Sie sich an den technischen Support. Systemfehler 1612.
Error: (10/01/2013 00:45:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/01/2013 09:10:51 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile -- Fehler 1723. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SchedSecureObjects_x64, Eintrag: SchedSecureObjects, Bibliothek: C:\Windows\Installer\MSIB67B.tmp
System errors:
=============
Error: (10/04/2013 03:01:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft .NET Framework 4 Client Profile für Windows 7 x64-basierte Systeme (KB982670)
Error: (10/04/2013 02:54:11 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Avira Echtzeit-Scanner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (10/04/2013 02:54:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/04/2013 02:54:08 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/04/2013 02:54:00 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/04/2013 02:52:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/04/2013 02:52:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (10/02/2013 02:22:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
Error: (10/02/2013 02:22:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Silverlight (KB2847559)
Error: (10/02/2013 09:06:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
Microsoft Office Sessions:
=========================
Error: (10/04/2010 05:07:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22019 seconds with 0 seconds of active time. This session ended with a crash.
Error: (06/09/2010 01:49:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6551 seconds with 2880 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 4056.36 MB
Available physical RAM: 1944.52 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 5751.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:205.72 GB) NTFS
Drive d: (Disk) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 9E6BDD7B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- ---
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-04 16:15:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\BIANCA~1\AppData\Local\Temp\kwtyraod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002dc1000 19 bytes [8B, 01, 48, 83, C1, 08, 48, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 564 fffff80002dc1014 50 bytes [8B, 5C, 24, 40, 48, 8B, 6C, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2492] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006c2e11a8 2 bytes [2E, 6C]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2492] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006c2e13a8 2 bytes [2E, 6C]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2492] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006c2e1422 2 bytes [2E, 6C]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2492] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006c2e1498 2 bytes [2E, 6C]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Windows\SysWOW64\jmdp\stij.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Windows\SysWOW64\jmdp\stij.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5892:5592] 000007fefbce2a7c
---- EOF - GMER 2.1 ----
and the Avira message:
Code:
In der Datei 'C:\Users\*** ***\AppData\Local\Temp\sptemp\skypesetup.exe_635163024110064801'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Thank you very much for your help!