Trojaner-Board - [IMINENT] Browser befallen, Programm unerklärlich auf Computer installiert

Bei einem neuen Tab ist es immer noch das selbe, bei der Startseite kann ich das nicht beurteilen da ich diese vorher schon manuell umgestellt hatte.

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by nektarum (administrator) on NEKTARUM-VAIO on 12-10-2013 15:11:13

Running from C:\Users\nektarum\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe

(ALPS) C:\Program Files\Apoint\Apvfb.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)

HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-08] (Google Inc.)

HKCU\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)

HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1481280 2013-07-01] (1und1 Mail und Media GmbH)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)

AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.191\{c16c1~1\browse~1.dll [ ] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/

SearchScopes: HKCU - {04EF6A70-3BC6-4482-B6DB-0EFDAD96C21B} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {1A6097A7-3498-4E03-BEA3-A1F22528D7EC} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

SearchScopes: HKCU - {3CFD213A-FD11-4C43-9042-05103AE3EAFE} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {6197DA52-83DB-4560-894A-D4029C22A7E8} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKCU - {67986C53-5956-4D02-84B2-71DC482E29BD} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}

SearchScopes: HKCU - {7B40797C-6F89-4E21-A913-06BFACFDD4EA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: TubeSaver - {f336028d-158a-481f-9dd7-cd19734173c1} - C:\Program Files (x86)\TubeSaver\130.dll No File

Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default

FF user.js: detected! => C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\user.js

FF NewTab: hxxp://start.iminent.com/?ref=NewTab&appId=8E9A383C-010C-46F3-B12E-65DF2CC41BED

FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");

FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\searchplugins\iminent.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: FoxyDeal - C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}

FF Extension: nosquint - C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\Extensions\nosquint@urandom.ca.xpi

FF Extension: No Name - C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF HKCU\...\Firefox\Extensions: [{9d98c11e-02f4-4775-8299-faaaa81f3865}] - C:\Program Files (x86)\TubeSaver\130.xpi
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\130.crx
 

==================== Services (Whitelisted) =================
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)

S2 McAfee SiteAdvisor Service; 
 

==================== Drivers (Whitelisted) ====================
 

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-12 15:11 - 2013-10-12 15:11 - 00000000 ____D C:\FRST

2013-10-12 15:10 - 2013-10-12 15:10 - 01954124 _____ (Farbar) C:\Users\nektarum\Downloads\FRST64.exe

2013-10-12 15:10 - 2013-10-12 15:10 - 01087213 _____ (Farbar) C:\Users\nektarum\Downloads\FRST.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\nektarum\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-12 14:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-11 16:34 - 2013-10-11 16:36 - 00000000 ____D C:\Users\nektarum\Desktop\Neuer Ordner

2013-10-11 09:24 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-11 09:24 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-11 09:24 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-11 09:24 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-11 09:24 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-11 09:24 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-11 09:24 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-11 09:24 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-11 09:24 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-11 09:24 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 17:32 - 2013-10-09 17:32 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 11:11 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 11:11 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 11:11 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 11:11 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 11:11 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 11:11 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 11:11 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 11:11 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 11:11 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 11:11 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 11:11 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 11:11 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 11:11 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 11:11 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 11:11 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 11:11 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 11:11 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 11:11 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 11:11 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 11:11 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 11:11 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 11:11 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 11:11 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 11:11 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 11:11 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 11:11 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 11:11 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 11:11 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 11:11 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 11:11 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 11:11 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 11:11 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 11:11 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 11:11 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 11:11 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 11:11 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 11:11 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 11:11 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 11:11 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 11:11 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 11:11 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 11:11 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 11:10 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-09 11:10 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 11:10 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 11:10 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 11:10 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 11:00 - 2013-10-09 11:00 - 00003086 _____ C:\Windows\System32\Tasks\{5C34603E-F373-428C-9BDE-0FED978405AF}

2013-10-01 14:57 - 2013-10-01 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\Users\nektarum\AppData\Local\Microsoft Help

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-13 14:35 - 2013-09-14 14:41 - 00000000 ___SD C:\Program Files (x86)\PTBSync

2013-09-13 12:21 - 2013-10-12 14:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog

2013-09-13 12:21 - 2013-10-12 14:47 - 00000000 ____D C:\Program Files (x86)\Iminent

2013-09-13 12:21 - 2013-09-13 12:21 - 00000000 ____D C:\Program Files (x86)\FoxyDeal

2013-09-13 12:20 - 2013-09-13 12:23 - 00000000 ____D C:\Program Files (x86)\Rainlendar2

2013-09-13 09:27 - 2013-09-13 09:27 - 00000000 __RHD C:\MSOCache

2013-09-12 16:08 - 2013-09-12 16:08 - 01232763 _____ C:\Users\nektarum\Downloads\Gansessen1.rar

2013-09-12 16:08 - 2013-09-12 16:08 - 01232763 _____ C:\Users\nektarum\Desktop\Gansessen1.rar

2013-09-12 16:08 - 2013-09-12 16:08 - 00603271 _____ C:\Users\nektarum\Desktop\Gansessen2.rar
 

==================== One Month Modified Files and Folders =======
 

2013-10-12 15:11 - 2013-10-12 15:11 - 00000000 ____D C:\FRST

2013-10-12 15:11 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-12 15:11 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-12 15:10 - 2013-10-12 15:10 - 01954124 _____ (Farbar) C:\Users\nektarum\Downloads\FRST64.exe

2013-10-12 15:10 - 2013-10-12 15:10 - 01087213 _____ (Farbar) C:\Users\nektarum\Downloads\FRST.exe

2013-10-12 15:07 - 2013-08-01 20:22 - 00697534 _____ C:\Windows\system32\perfh007.dat

2013-10-12 15:07 - 2013-08-01 20:22 - 00148540 _____ C:\Windows\system32\perfc007.dat

2013-10-12 15:07 - 2013-08-01 19:28 - 01140386 _____ C:\Windows\WindowsUpdate.log

2013-10-12 15:07 - 2009-07-14 07:13 - 01614892 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-12 15:05 - 2013-08-07 20:44 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A5373DE-C14F-4AB2-B374-0B1857CC31FD}

2013-10-12 15:03 - 2013-08-12 08:46 - 00012422 _____ C:\Windows\setupact.log

2013-10-12 15:03 - 2013-08-08 16:06 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-12 15:03 - 2013-08-01 19:47 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-12 15:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-12 15:02 - 2013-08-15 17:32 - 00009764 _____ C:\Windows\PFRO.log

2013-10-12 14:50 - 2013-10-12 14:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\nektarum\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-12 14:47 - 2013-09-13 12:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog

2013-10-12 14:47 - 2013-09-13 12:21 - 00000000 ____D C:\Program Files (x86)\Iminent

2013-10-12 14:32 - 2013-08-07 22:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-12 14:27 - 2013-08-08 16:06 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-12 11:27 - 2013-08-07 21:27 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\Skype

2013-10-12 09:22 - 2013-08-08 16:06 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-12 09:22 - 2013-08-08 16:06 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-11 16:36 - 2013-10-11 16:34 - 00000000 ____D C:\Users\nektarum\Desktop\Neuer Ordner

2013-10-11 16:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-10-11 12:07 - 2009-07-14 06:45 - 00301536 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-11 12:06 - 2013-08-08 09:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-11 12:06 - 2013-08-08 09:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-11 09:22 - 2011-02-11 01:03 - 01592786 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-11 09:17 - 2013-08-14 11:36 - 00000000 ____D C:\Windows\system32\MRT

2013-10-11 09:15 - 2013-08-08 22:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 17:32 - 2013-10-09 17:32 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 17:32 - 2013-08-07 22:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 17:32 - 2013-08-07 22:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 17:32 - 2013-08-07 22:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 12:03 - 2013-09-08 09:55 - 00072369 _____ C:\test.xml

2013-10-09 11:00 - 2013-10-09 11:00 - 00003086 _____ C:\Windows\System32\Tasks\{5C34603E-F373-428C-9BDE-0FED978405AF}

2013-10-09 10:57 - 2009-07-14 07:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-02 09:00 - 2013-09-04 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-10-01 16:46 - 2013-09-04 11:49 - 00000000 ____D C:\Users\nektarum\AppData\Local\Mozilla

2013-10-01 15:06 - 2013-08-08 16:09 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 15:06 - 2013-08-08 16:07 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 15:06 - 2013-08-08 16:07 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 15:06 - 2013-08-08 16:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 14:57 - 2013-10-01 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-27 15:54 - 2013-08-07 21:39 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\SoftGrid Client

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\Users\nektarum\AppData\Local\Microsoft Help

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-23 22:05 - 2013-08-08 14:51 - 00000000 ____D C:\Users\nektarum\AppData\Local\CrashDumps

2013-09-23 01:28 - 2013-10-11 09:24 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-23 01:28 - 2013-10-11 09:24 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-23 00:55 - 2013-10-11 09:24 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-23 00:55 - 2013-10-11 09:24 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-23 00:55 - 2013-10-11 09:24 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-23 00:54 - 2013-10-11 09:24 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-21 05:38 - 2013-10-11 09:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-21 05:30 - 2013-10-11 09:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-21 04:48 - 2013-10-11 09:24 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-21 04:39 - 2013-10-11 09:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-14 14:41 - 2013-09-13 14:35 - 00000000 ___SD C:\Program Files (x86)\PTBSync

2013-09-14 03:10 - 2013-10-09 11:11 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-09-13 14:44 - 2013-08-07 20:40 - 00066104 _____ C:\Users\nektarum\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-13 12:23 - 2013-09-13 12:20 - 00000000 ____D C:\Program Files (x86)\Rainlendar2

2013-09-13 12:23 - 2013-08-07 20:40 - 00000000 ____D C:\Users\nektarum

2013-09-13 12:21 - 2013-09-13 12:21 - 00000000 ____D C:\Program Files (x86)\FoxyDeal

2013-09-13 09:27 - 2013-09-13 09:27 - 00000000 __RHD C:\MSOCache

2013-09-12 16:08 - 2013-09-12 16:08 - 01232763 _____ C:\Users\nektarum\Downloads\Gansessen1.rar

2013-09-12 16:08 - 2013-09-12 16:08 - 01232763 _____ C:\Users\nektarum\Desktop\Gansessen1.rar

2013-09-12 16:08 - 2013-09-12 16:08 - 00603271 _____ C:\Users\nektarum\Desktop\Gansessen2.rar

2013-09-12 13:21 - 2013-08-07 20:43 - 00000000 ___RD C:\Users\nektarum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-12 13:21 - 2013-08-07 20:43 - 00000000 ___RD C:\Users\nektarum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-12 12:55 - 2013-08-07 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
 

Files to move or delete:

====================

C:\Users\Public\AlexaNSISPlugin.2012.dll
 
 

Some content of TEMP:

====================

C:\Users\nektarum\AppData\Local\Temp\avgnt.exe

C:\Users\nektarum\AppData\Local\Temp\FoxyDeal_Setup.exe

C:\Users\nektarum\AppData\Local\Temp\Quarantine.exe

C:\Users\nektarum\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-11 15:15
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by nektarum at 2013-10-12 15:11:55

Running from C:\Users\nektarum\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

ActiveX контрола на Windows Live Mesh за отдалечени връзки (x32 Version: 15.4.5722.2)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)

Adobe AIR (x32 Version: 2.5.1.17730)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Reader X MUI (x32 Version: 10.0.0)

Alps Pointing-device for VAIO

ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.142)

ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.392)

Avira Free Antivirus (x32 Version: 14.0.0.383)

Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)

Bing Bar (x32 Version: 7.0.850.0)

Bluetooth Win7 Suite (64) (Version: 7.3.0.100)

CCleaner (Version: 4.04)

Conexant HD Audio (Version: 8.54.0.53)

Control ActiveX Windows Live Mesh pentru conexiuni la distanță (x32 Version: 15.4.5722.2)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)

D3DX10 (x32 Version: 15.4.2368.0902)

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)

FoxyDeal (x32 Version: 1.1.0)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)

Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)

Galerie foto Windows Live (x32 Version: 15.4.3502.0922)

GMX MailCheck für Internet Explorer (x32 Version: 2.3.0.2)

GMX Softwareaktualisierung (x32 Version: 3.0.0.55)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

Intel(R) Control Center (x32 Version: 1.2.1.1007)

Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)

Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046)

Java Auto Updater (x32 Version: 2.0.2.4)

Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)

Java(TM) 6 Update 22 (x32 Version: 6.0.220)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Media Gallery (Version: 1.5.0.16020)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)

Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)

Mozilla Maintenance Service (x32 Version: 24.0)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

NVIDIA 3D Vision Treiber 267.21 (Version: 267.21)

NVIDIA Grafiktreiber 267.21 (Version: 267.21)

NVIDIA HD-Audiotreiber 1.2.19.0 (Version: 1.2.19.0)

NVIDIA Install Application (Version: 2.265.39.0)

NVIDIA PhysX (x32 Version: 9.10.0514)

NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6721)

NVIDIA Systemsteuerung 267.21 (Version: 267.21)

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (x32 Version: 15.4.5722.2)

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2)

PMB (x32 Version: 5.5.02.12220)

PMB VAIO Edition Plug-in (Version: 1.5.10.05300)

PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010)

Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)

Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)

Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)

Remote Keyboard (x32 Version: 1.1.1.03020)

Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070)

Skype™ 6.7 (x32 Version: 6.7.102)

Sony Corporation (Version: 1.0.0)

SSLx64 (Version: 1.0.0)

SSLx86 (x32 Version: 1.0.0)

TubeSaver (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)

VAIO - Media Gallery (x32 Version: 1.5.0.16020)

VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030)

VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06140)

VAIO - Remote Play mit PlayStation®3 (x32 Version: 1.1.0.15070)

VAIO - Remote-Tastatur  (x32 Version: 1.0.1.03020)

VAIO Care (x32 Version: 6.4.0.15030)

VAIO Control Center (x32 Version: 4.5.0.03040)

VAIO Data Restore Tool (x32 Version: 1.6.0.13140)

VAIO Easy Connect (x32 Version: 1.1.1.12200)

VAIO Event Service (x32 Version: 5.5.0.03040)

VAIO Gate (x32 Version: 2.3.0.11090)

VAIO Gate Default (x32 Version: 2.4.0.10090)

VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280)

VAIO Hero Screensaver - Summer 2011 Screensaver (x32)

VAIO Improvement (x32 Version: 1.0.0.14150)

VAIO Improvement Validation (Version: 1.0.4.01190)

VAIO Quick Web Access (x32 Version: 1.4.5.3)

VAIO Sample Contents (x32 Version: 1.4.2.09010)

VAIO Smart Network (x32 Version: 3.5.0.02280)

VAIO Update (x32 Version: 5.4.0.15300)

VAIO-Handbuch (x32 Version: 2.0.0.02250)

VAIO-Support für Übertragungen (x32 Version: 1.4.0.14230)

VCCx86 (x32 Version: 1.0.0)

VESx64 (Version: 1.0.0)

VESx86 (x32 Version: 1.0.0)

VIx64 (Version: 1.0.0)

VIx86 (x32 Version: 1.0.0)

VSNx64 (Version: 1.0.0)

VWSTx86 (x32 Version: 1.0.0)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3508.1109)

Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)

Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)

Windows Live Fotótár (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)

Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)

Windows Liven sähköposti (x32 Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

Елемент керування Windows Live Mesh ActiveX для віддалених підключень (x32 Version: 15.4.5722.2)

Основи Windows Live (x32 Version: 15.4.3502.0922)

Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)

Почта Windows Live (x32 Version: 15.4.3502.0922)

Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)

Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)

Фотоколекція Windows Live (x32 Version: 15.4.3502.0922)

Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
 

==================== Restore Points  =========================
 

12-09-2013 10:47:58 Windows Update

14-09-2013 11:11:49 Windows Update

21-09-2013 15:14:04 Geplanter Prüfpunkt

30-09-2013 14:30:00 Geplanter Prüfpunkt

08-10-2013 09:44:16 Geplanter Prüfpunkt

11-10-2013 07:07:47 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {2167452D-D467-4917-9975-F8702EC809C0} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)

Task: {33B11749-81C5-4759-9A81-3B4DF1872367} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-03-30] (Sony Corporation)

Task: {4261D6A8-3F11-44B8-A0F4-860602BF5CD6} - \BrowserDefendert No Task File

Task: {5AE841CA-EB75-4891-AA21-3823732D4564} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {632EEDE3-5C0B-4DDB-A516-9E3E09670C0D} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)

Task: {6A3EA779-754B-4DE4-A1EF-16E11CBA3893} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)

Task: {74732C8B-1936-4C5F-A169-C6B8846D9266} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.)

Task: {7C53A8B4-7E2C-47EE-B816-654E92C7B565} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient

Task: {8879D2AF-9EF6-4DAD-828A-6BEBB46E804E} - System32\Tasks\{5C34603E-F373-428C-9BDE-0FED978405AF} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar

Task: {9289A049-EF3F-499A-8173-C770A89CCA44} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)

Task: {9D432E8D-0F76-4396-B9A8-497559827B49} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)

Task: {C1E68D5A-E6CA-4066-BF09-A063343DBF74} - \TubeSaver Update No Task File

Task: {C597DA4E-B42E-4A8D-85DC-43D7E4BECA85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.)

Task: {CBA6C3CF-BC7F-4219-8C33-520D3AD6984F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {D1670ED0-7442-4598-A0BD-392F72A9CF51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {D2808234-8785-45FC-BEBE-35DFB119684B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {DE08CE4A-C160-460B-B14C-6EE1FD05EA1F} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)

Task: {E97EFEEC-80A4-4BD9-8FC2-BCBE311D6E1B} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-08-08 16:07 - 2013-07-18 08:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-08-01 19:55 - 2011-03-05 16:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll

2013-08-17 12:39 - 2013-08-17 12:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\cd9a4b4dbc1a4b564ebed696e18cadb6\IsdiInterop.ni.dll

2013-08-01 19:38 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2013-10-01 14:57 - 2013-10-01 14:57 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-02-18 11:18 - 2011-02-18 11:18 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (10/12/2013 03:04:36 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/12/2013 02:47:26 PM) (Source: Application Hang) (User: )

Description: Programm Bootstrapper.exe, Version 1.14.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 15ac
 

Startzeit: 01cec748bfbae0bc
 

Endzeit: 0
 

Anwendungspfad: C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe
 

Berichts-ID:
 

Error: (10/12/2013 02:47:09 PM) (Source: Microsoft-Windows-RestartManager) (User: nektarum-VAIO)

Description: Die Anwendung oder der Dienst "IAStorIcon" konnte nicht heruntergefahren werden.
 

Error: (10/12/2013 08:59:55 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/11/2013 00:07:39 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/11/2013 09:05:29 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/09/2013 10:59:36 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/07/2013 09:42:59 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/06/2013 08:35:46 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/06/2013 04:20:28 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (10/12/2013 03:03:14 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%3
 

Error: (10/12/2013 02:19:32 PM) (Source: BTHUSB) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (10/12/2013 11:27:28 AM) (Source: BTHUSB) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (10/12/2013 11:27:19 AM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (10/12/2013 08:58:20 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%3
 

Error: (10/12/2013 08:58:14 AM) (Source: BTHUSB) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (10/11/2013 04:29:29 PM) (Source: BTHUSB) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (10/11/2013 01:53:02 PM) (Source: BTHUSB) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 

Error: (10/11/2013 00:06:57 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%3
 

Error: (10/11/2013 00:06:42 PM) (Source: BTHUSB) (User: )

Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
 
 

Microsoft Office Sessions:

=========================

Error: (10/12/2013 03:04:36 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/12/2013 02:47:26 PM) (Source: Application Hang)(User: )

Description: Bootstrapper.exe1.14.1.015ac01cec748bfbae0bc0C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe
 

Error: (10/12/2013 02:47:09 PM) (Source: Microsoft-Windows-RestartManager)(User: nektarum-VAIO)

Description: 1C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exeIAStorIcon0211732480
 

Error: (10/12/2013 08:59:55 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/11/2013 00:07:39 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/11/2013 09:05:29 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/09/2013 10:59:36 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/07/2013 09:42:59 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/06/2013 08:35:46 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (10/06/2013 04:20:28 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 4077.86 MB

Available physical RAM: 2478.8 MB

Total Pagefile: 8153.9 MB

Available Pagefile: 6099.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:451.54 GB) (Free:407.22 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 74DF669F)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.10.12.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

nektarum :: NEKTARUM-VAIO [Administrator]
 

Schutz: Aktiviert
 

12.10.2013 16:41:31

mbam-log-2013-10-12 (16-41-31).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 318521

Laufzeit: 33 Minute(n), 38 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 5

C:\AdwCleaner\Quarantine\C\Program Files (x86)\tubesaver\tbsUd.exe.vir (PUP.Optional.AdLyrics) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\nektarum\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5WBV3KJ\MinibarChrome[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\nektarum\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MR5G313Q\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\nektarum\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P30P4H81\iminent[1].msi (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\nektarum\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFBBP7AS\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

# AdwCleaner v3.007 - Bericht erstellt am 12/10/2013 um 17:30:23

# Updated 09/10/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : nektarum - NEKTARUM-VAIO

# Gestartet von : C:\Users\nektarum\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files (x86)\FoxyDeal

Ordner Gelöscht : C:\Program Files (x86)\Iminent

Datei Gelöscht : C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\foxydeal.sqlite

Datei Gelöscht : C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\searchplugins\iminent.xml

Datei Gelöscht : C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\user.js
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : HKCU\Software\FoxyDeal

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal

Schlüssel Gelöscht : HKLM\Software\Iminent

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxyDeal

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16720
 
 

-\\ Mozilla Firefox v24.0 (de)
 

[ Datei : C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [4320 octets] - [04/09/2013 12:49:55]

AdwCleaner[R1].txt - [11344 octets] - [12/10/2013 17:29:53]

AdwCleaner[S0].txt - [3937 octets] - [04/09/2013 12:51:21]

AdwCleaner[S1].txt - [10982 octets] - [12/10/2013 17:30:23]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11043 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.4 (10.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by nektarum on 13.10.2013 at 15:13:29,92

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f336028d-158a-481f-9dd7-cd19734173c1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f336028d-158a-481f-9dd7-cd19734173c1}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\apn"
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\nektarum\AppData\Roaming\mozilla\firefox\profiles\recthfxd.default\prefs.js
 

user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=8E9A383C-010C-46F3-B12E-65DF2CC41BED");

user_pref("extensions.iminent.admin", false);

user_pref("extensions.iminent.aflt", "orgnl");

user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");

user_pref("extensions.iminent.autoRvrt", "false");

user_pref("extensions.iminent.dfltLng", "");

user_pref("extensions.iminent.excTlbr", false);

user_pref("extensions.iminent.ffxUnstlRst", false);

user_pref("extensions.iminent.id", "b417e61700000000000008edb9c7a3ed");

user_pref("extensions.iminent.instlDay", "15961");

user_pref("extensions.iminent.instlRef", "");

user_pref("extensions.iminent.newTab", false);

user_pref("extensions.iminent.prdct", "iminent");

user_pref("extensions.iminent.prtnrId", "iminent");

user_pref("extensions.iminent.rvrt", "false");

user_pref("extensions.iminent.smplGrp", "none");

user_pref("extensions.iminent.tlbrId", "base");

user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");

user_pref("extensions.iminent.vrsn", "1.8.25.0");

user_pref("extensions.iminent.vrsnTs", "1.8.25.012:21:56");

user_pref("extensions.iminent.vrsni", "1.8.25.0");

user_pref("iminent.LayoutId", "28");

user_pref("iminent.ShowThankyouPixel", "0");

user_pref("iminent.registerToolbarEvent101", "1381580869233");

user_pref("iminent.registerToolbarEvent102", "1381580764305");

user_pref("iminent.registerToolbarEvent109", "1381048803027");

user_pref("iminent.registerToolbarEvent111", "1381048803042");

user_pref("iminent.registerToolbarEvent112", "1381048803307");

user_pref("iminent.registerToolbarEvent122", "1381048803058");

user_pref("iminent.registerToolbarEvent140", "1381346934715");

user_pref("iminent.version", "7.41.2.1");

user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1379067728120,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1381581679292}");

Emptied folder: C:\Users\nektarum\AppData\Roaming\mozilla\firefox\profiles\recthfxd.default\minidumps [10 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13.10.2013 at 15:19:52,67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by nektarum (administrator) on NEKTARUM-VAIO on 13-10-2013 15:22:28

Running from C:\Users\nektarum\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Sony Corporation) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe

(ALPS) C:\Program Files\Apoint\Apvfb.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe

(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)

HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-08] (Google Inc.)

HKCU\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)

HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1481280 2013-07-01] (1und1 Mail und Media GmbH)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKCU - {04EF6A70-3BC6-4482-B6DB-0EFDAD96C21B} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {1A6097A7-3498-4E03-BEA3-A1F22528D7EC} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

SearchScopes: HKCU - {3CFD213A-FD11-4C43-9042-05103AE3EAFE} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {6197DA52-83DB-4560-894A-D4029C22A7E8} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

SearchScopes: HKCU - {67986C53-5956-4D02-84B2-71DC482E29BD} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}

SearchScopes: HKCU - {7B40797C-6F89-4E21-A913-06BFACFDD4EA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File

Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default

FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");

FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: FoxyDeal - C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}

FF Extension: nosquint - C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\Extensions\nosquint@urandom.ca.xpi

FF Extension: No Name - C:\Users\nektarum\AppData\Roaming\Mozilla\Firefox\Profiles\recthfxd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF HKCU\...\Firefox\Extensions: [{9d98c11e-02f4-4775-8299-faaaa81f3865}] - C:\Program Files (x86)\TubeSaver\130.xpi
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\130.crx
 

==================== Services (Whitelisted) =================
 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)

S2 McAfee SiteAdvisor Service; 
 

==================== Drivers (Whitelisted) ====================
 

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-13 15:19 - 2013-10-13 15:21 - 00003527 _____ C:\Users\nektarum\Desktop\JRT.txt

2013-10-13 15:13 - 2013-10-13 15:13 - 00000000 ____D C:\Windows\ERUNT

2013-10-13 15:12 - 2013-10-13 15:12 - 01032220 _____ (Thisisu) C:\Users\nektarum\Downloads\JRT.exe

2013-10-12 20:41 - 2013-10-12 20:41 - 00000000 ____D C:\Users\nektarum\Desktop\Chanel

2013-10-12 17:41 - 2013-10-12 17:41 - 00011308 _____ C:\Users\nektarum\Desktop\AdwCleaner[S1].txt

2013-10-12 17:29 - 2013-10-12 17:29 - 01048960 _____ C:\Users\nektarum\Downloads\adwcleaner.exe

2013-10-12 15:11 - 2013-10-12 15:13 - 00023922 _____ C:\Users\nektarum\Downloads\Addition.txt

2013-10-12 15:11 - 2013-10-12 15:11 - 00000000 ____D C:\FRST

2013-10-12 15:10 - 2013-10-12 15:10 - 01954124 _____ (Farbar) C:\Users\nektarum\Downloads\FRST64.exe

2013-10-12 15:10 - 2013-10-12 15:10 - 01087213 _____ (Farbar) C:\Users\nektarum\Downloads\FRST.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\nektarum\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-12 14:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-11 16:34 - 2013-10-11 16:36 - 00000000 ____D C:\Users\nektarum\Desktop\Neuer Ordner

2013-10-11 09:24 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-11 09:24 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-11 09:24 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-11 09:24 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-11 09:24 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-11 09:24 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-11 09:24 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-11 09:24 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-11 09:24 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-11 09:24 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-11 09:24 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-11 09:24 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 17:32 - 2013-10-09 17:32 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 11:11 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 11:11 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 11:11 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 11:11 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 11:11 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 11:11 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 11:11 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 11:11 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 11:11 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 11:11 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 11:11 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 11:11 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 11:11 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 11:11 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 11:11 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 11:11 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 11:11 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 11:11 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 11:11 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 11:11 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 11:11 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2013-10-09 11:11 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 11:11 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 11:11 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 11:11 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 11:11 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 11:11 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 11:11 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 11:11 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 11:11 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 11:11 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 11:11 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 11:11 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 11:11 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 11:11 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 11:11 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 11:11 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 11:11 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 11:11 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 11:11 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 11:11 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 11:11 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 11:10 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 11:10 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-09 11:10 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 11:10 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 11:10 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 11:10 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 11:00 - 2013-10-09 11:00 - 00003086 _____ C:\Windows\System32\Tasks\{5C34603E-F373-428C-9BDE-0FED978405AF}

2013-10-01 14:57 - 2013-10-01 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\Users\nektarum\AppData\Local\Microsoft Help

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-13 14:35 - 2013-09-14 14:41 - 00000000 ___SD C:\Program Files (x86)\PTBSync

2013-09-13 12:21 - 2013-10-12 14:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog

2013-09-13 12:20 - 2013-09-13 12:23 - 00000000 ____D C:\Program Files (x86)\Rainlendar2

2013-09-13 09:27 - 2013-09-13 09:27 - 00000000 __RHD C:\MSOCache
 

==================== One Month Modified Files and Folders =======
 

2013-10-13 15:21 - 2013-10-13 15:19 - 00003527 _____ C:\Users\nektarum\Desktop\JRT.txt

2013-10-13 15:13 - 2013-10-13 15:13 - 00000000 ____D C:\Windows\ERUNT

2013-10-13 15:12 - 2013-10-13 15:12 - 01032220 _____ (Thisisu) C:\Users\nektarum\Downloads\JRT.exe

2013-10-13 14:32 - 2013-08-07 22:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-13 14:27 - 2013-08-08 16:06 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-13 11:27 - 2013-08-01 19:28 - 01164886 _____ C:\Windows\WindowsUpdate.log

2013-10-12 20:44 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-12 20:44 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-12 20:41 - 2013-10-12 20:41 - 00000000 ____D C:\Users\nektarum\Desktop\Chanel

2013-10-12 20:41 - 2013-08-01 20:22 - 00697534 _____ C:\Windows\system32\perfh007.dat

2013-10-12 20:41 - 2013-08-01 20:22 - 00148540 _____ C:\Windows\system32\perfc007.dat

2013-10-12 20:41 - 2009-07-14 07:13 - 01614892 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-12 20:40 - 2013-08-07 20:44 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A5373DE-C14F-4AB2-B374-0B1857CC31FD}

2013-10-12 20:37 - 2013-08-12 08:46 - 00013443 _____ C:\Windows\setupact.log

2013-10-12 20:36 - 2013-08-08 16:06 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-12 20:36 - 2013-08-01 19:47 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-12 20:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-12 17:41 - 2013-10-12 17:41 - 00011308 _____ C:\Users\nektarum\Desktop\AdwCleaner[S1].txt

2013-10-12 17:30 - 2013-09-04 12:49 - 00000000 ____D C:\AdwCleaner

2013-10-12 17:29 - 2013-10-12 17:29 - 01048960 _____ C:\Users\nektarum\Downloads\adwcleaner.exe

2013-10-12 17:26 - 2013-08-15 17:32 - 00013824 _____ C:\Windows\PFRO.log

2013-10-12 15:13 - 2013-10-12 15:11 - 00023922 _____ C:\Users\nektarum\Downloads\Addition.txt

2013-10-12 15:11 - 2013-10-12 15:11 - 00000000 ____D C:\FRST

2013-10-12 15:10 - 2013-10-12 15:10 - 01954124 _____ (Farbar) C:\Users\nektarum\Downloads\FRST64.exe

2013-10-12 15:10 - 2013-10-12 15:10 - 01087213 _____ (Farbar) C:\Users\nektarum\Downloads\FRST.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\nektarum\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-12 14:50 - 2013-10-12 14:50 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-12 14:50 - 2013-10-12 14:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-12 14:47 - 2013-09-13 12:21 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog

2013-10-12 11:27 - 2013-08-07 21:27 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\Skype

2013-10-12 09:22 - 2013-08-08 16:06 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-12 09:22 - 2013-08-08 16:06 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-11 16:36 - 2013-10-11 16:34 - 00000000 ____D C:\Users\nektarum\Desktop\Neuer Ordner

2013-10-11 16:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-10-11 12:07 - 2009-07-14 06:45 - 00301536 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-11 12:06 - 2013-08-08 09:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-11 12:06 - 2013-08-08 09:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-11 09:22 - 2011-02-11 01:03 - 01592786 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-10-11 09:17 - 2013-08-14 11:36 - 00000000 ____D C:\Windows\system32\MRT

2013-10-11 09:15 - 2013-08-08 22:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-10-09 17:32 - 2013-10-09 17:32 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-10-09 17:32 - 2013-08-07 22:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-10-09 17:32 - 2013-08-07 22:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-10-09 17:32 - 2013-08-07 22:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-10-09 12:03 - 2013-09-08 09:55 - 00072369 _____ C:\test.xml

2013-10-09 11:00 - 2013-10-09 11:00 - 00003086 _____ C:\Windows\System32\Tasks\{5C34603E-F373-428C-9BDE-0FED978405AF}

2013-10-09 10:57 - 2009-07-14 07:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-02 09:00 - 2013-09-04 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-10-01 16:46 - 2013-09-04 11:49 - 00000000 ____D C:\Users\nektarum\AppData\Local\Mozilla

2013-10-01 15:06 - 2013-08-08 16:09 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-10-01 15:06 - 2013-08-08 16:07 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-10-01 15:06 - 2013-08-08 16:07 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-10-01 15:06 - 2013-08-08 16:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2013-10-01 14:57 - 2013-10-01 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-27 15:54 - 2013-08-07 21:39 - 00000000 ____D C:\Users\nektarum\AppData\Roaming\SoftGrid Client

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\Users\nektarum\AppData\Local\Microsoft Help

2013-09-26 17:34 - 2013-09-26 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-23 22:05 - 2013-08-08 14:51 - 00000000 ____D C:\Users\nektarum\AppData\Local\CrashDumps

2013-09-23 01:28 - 2013-10-11 09:24 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-23 01:28 - 2013-10-11 09:24 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-23 01:27 - 2013-10-11 09:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-23 00:55 - 2013-10-11 09:24 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-23 00:55 - 2013-10-11 09:24 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-23 00:55 - 2013-10-11 09:24 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-23 00:54 - 2013-10-11 09:24 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-23 00:54 - 2013-10-11 09:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-21 05:38 - 2013-10-11 09:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-21 05:30 - 2013-10-11 09:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-21 04:48 - 2013-10-11 09:24 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-21 04:39 - 2013-10-11 09:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-14 14:41 - 2013-09-13 14:35 - 00000000 ___SD C:\Program Files (x86)\PTBSync

2013-09-14 03:10 - 2013-10-09 11:11 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-09-13 14:44 - 2013-08-07 20:40 - 00066104 _____ C:\Users\nektarum\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-13 12:23 - 2013-09-13 12:20 - 00000000 ____D C:\Program Files (x86)\Rainlendar2

2013-09-13 12:23 - 2013-08-07 20:40 - 00000000 ____D C:\Users\nektarum

2013-09-13 09:27 - 2013-09-13 09:27 - 00000000 __RHD C:\MSOCache
 

Files to move or delete:

====================

C:\Users\Public\AlexaNSISPlugin.2012.dll
 
 

Some content of TEMP:

====================

C:\Users\nektarum\AppData\Local\Temp\avgnt.exe

C:\Users\nektarum\AppData\Local\Temp\FoxyDeal_Setup.exe

C:\Users\nektarum\AppData\Local\Temp\Quarantine.exe

C:\Users\nektarum\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-11 15:15
 

==================== End Of Log ============================

--- --- ---